Toolbox is an Easy machine listed on Hack The Box. It was designed on March 12th, 2021 by MinatoTW. I was able to gain a foothold into Toolbox with a combination of Burp Suite and sqlmap. From there, Python-based shell improvements and exploiting default Docker credentials allowed for a pivot deeper into the machine.

Part One: Enumeration

While initially loading Toolbox did not bring up results, accessing the page via HTTPS was successful


The news stories about cyber attacks are downright hard to ignore. Hospital systems, municipal water, oil pipelines… No part of modern life seems safe from cyber criminals. It then seems inevitable that non-technical users would benefit from some guidelines for good security practices. That is what I aim to do with this article. I will attach a sample of an FAQ that would be suitable for this, but when drafting successful security communication, any correspondence should be mindful of its audience. Here are a few guidelines:

  • Non-technical does not mean stupid. While explaining the vulnerabilities in various wireless security protocols…

Writeup is an Easy box listed on Hack The Box. It was designed by jkr and was originally released on June 8th, 2019. While initial enumeration attempts were complicated by limited Dirbuster search results and an apparent lack of a front-facing website, simple banner grabbing revealed version information that allowed me to use a SQL injection to gain access credentials. From that point, pivoting to root access required a small amount of research. The CVE associated with the SQL injection attack is CVE-2019-9053, and the CVSS score associated with this is 8.1.

Part One: Enumeration

Enumeration for Writeup was initially limited. NMAP scanning…


Luanne is a retired, easy machine that is listed on Hack The Box. It was first released on November 28th, 2020, and was designed by polarbearer. Gaining an initial foothold into Luanne was somewhat time-consuming, but after finding a Lua error, a SQL injection helped establish a shell connection through Netcat. The shell connection then led to the discovery of an SSH key, which immediately revealed the User flag, as well as hashed credentials which later revealed the Root flag.

Part One: Enumeration

Initial enumeration attempts were fairly unproductive. While an initial nmap scan did notice an HTTP server, nothing related to…


Active is an easy, retired machine that is listed on Hack The Box. It was first released on July 28th, 2018, and was designed by eks and mrb3n. Active teased vulnerability to the infamous EternalBlue vulnerability (identified as MS17-010, or CVE-2017-0144) via Metasploit modules, but the initial pivot point used in this exploitation was developed from information collected by smbclient.

While EternalBlue is the most notable CVE used in Active, exploiting Kerberos through what is referred to as Kerberoasting was what eventually allowed access to the Root flag.

Part One: Enumeration

Not surprisingly, the first part of exploiting Active involves developing an idea…


Traverxec is an easy, retired machine that is listed on Hack The Box. It was first released on November 16th, 2019, and was designed by jkr. While a number of potential pivot points were identified during the recon phase, Searchsploit identified a critical CVE in Nostromo web servers through version 1.9.6 that allowed for Remote Code Execution (RCE). This CVE is identified as CVE-2019-16278 and has a CVSS Base Score of 9.8/10.

Part One: Enumeration

Port scanning is the most obvious first step in assessing this box, and scanning with Legion reveals fairly common results — a web server hosting a web page…


“Everyone has a plan until they get punched in the mouth”

  • Mike Tyson

Have you ever received a notice informing you that your account information has been stolen from a business you have used? Have you logged into an MMO only to learn that your character has gone from affluent lordship to abject poverty?

You can check https://haveibeenpwned.com/ to see for sure, but something like this has probably happened to you at some point. Hacking tools are becoming cheaper and easier to use, so it is likely this will only intensify and continue to affect broader groups of consumers.

Confronting…


Curling is an Easy, retired machine that is listed on Hack The Box. It was first released on October 27th, 2018, and was designed by L4mpje. While exploiting this box, I gained a foothold by finding login data in the page source on the (unencrypted) port 80 web page. While many CVEs were identified during the recon phase of this hack, and Hack The Box DOES identify this box as being largely based on CVEs, crucial pivot points were gained through simple banner grabbing.

Part One: Enumeration

Hack The Box Machines love using puns, or coded language. So, it seems likely based on…


Irked is an Easy, retired machine that is listed on Hack The Box. It was first released on November 17th, 2018, and was designed by MrAgent. There are likely many ways to exploit this box, but I used a trojan horse that was included on many mirror sites that distributed IRC server software called Unreal IRC. The CVSS Version 2.0 score for this is 7.5, which is classified as High. This CVE is identified as CVE-2010-2075.

Part One: Enumeration

As always, using a port scan is the crucial first step in identifying a solid pivot point. I enjoy using Legion for this…


Valentine is an easy, retired machine that is listed on Hack The Box. It was first released on February 17th, 2018, and was designed by mrb3n. Hacking this box mostly requires the use of a well-known CVE referred to as the Heartbleed bug, carrying the CVE-2014-0160 Dictionary Entry. The CVSS 3.1 Base Score for this is 7.5.

MisterK
