https://chiefdennis.github.io/tags/batch-script-analysis/Recent content in Batch Script Analysis on Chief Dennis' BlogHugoenWed, 13 Sep 2023 13:07:16 +0100https://chiefdennis.github.io/posts/htb_codify/Wed, 13 Sep 2023 13:07:16 +0100https://chiefdennis.github.io/posts/htb_codify/<p><img src="https://chiefdennis.github.io/posts/htb_codify/codify.png" alt="image"></p> <p>The Codify HTB machine is a easy difficulty level HackTheBox Linux Machine. The main techniques used to crack this machine are:</p> <pre><code>- Hash cracking with JohnTheRipper - Sandbox escape - Batch Script Analysis - Python Scripting </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>I started by running a NMAP scan to look for services and versions running on open ports;</p> <p><img src="https://chiefdennis.github.io/posts/htb_codify/nmap.png" alt="image"></p> <p>We can see that the usual ports 22 and 80 are open. However, port 3000 is also open running node.js, which could be useful in the future since node.js has some known vulnerabilities in older versions.</p>