https://chiefdennis.github.io/tags/hash-cracking/Recent content in Hash Cracking on Chief Dennis' BlogHugoenWed, 29 May 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_usage/Wed, 29 May 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_usage/<p><img src="https://chiefdennis.github.io/posts/htb_usage/Scr_20.png#centre" alt="image"></p> <p>The Usage HTB machine is a madium difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code>- Blind SQL injection with SQLmap - Burpsuite - Hash cracking with JohnTheRipper - 7z Wildcard Spare exploitation </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.18 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>https://chiefdennis.github.io/posts/htb_bizness/Fri, 02 Feb 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_bizness/<p><img src="https://chiefdennis.github.io/posts/htb_bizness/15.png#center" alt="image"></p> <p>The Bizness HTB machine is an easy difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code> - Dirsearch - CVE-2023-51467 - Grep, find and strings - Hashcat </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.252 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>https://chiefdennis.github.io/posts/htb_codify/Wed, 13 Sep 2023 13:07:16 +0100https://chiefdennis.github.io/posts/htb_codify/<p><img src="https://chiefdennis.github.io/posts/htb_codify/codify.png" alt="image"></p> <p>The Codify HTB machine is a easy difficulty level HackTheBox Linux Machine. The main techniques used to crack this machine are:</p> <pre><code>- Hash cracking with JohnTheRipper - Sandbox escape - Batch Script Analysis - Python Scripting </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>I started by running a NMAP scan to look for services and versions running on open ports;</p> <p><img src="https://chiefdennis.github.io/posts/htb_codify/nmap.png" alt="image"></p> <p>We can see that the usual ports 22 and 80 are open. However, port 3000 is also open running node.js, which could be useful in the future since node.js has some known vulnerabilities in older versions.</p>