Python Scripting on Chief Dennis' Bloghttps://chiefdennis.github.io/tags/python-scripting/Recent content in Python Scripting on Chief Dennis' BlogHugoenSun, 16 Jun 2024 13:07:16 +0100Blurry HTB Walkthroughhttps://chiefdennis.github.io/posts/htb_blurry/Sun, 16 Jun 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_blurry/<p><img src="https://chiefdennis.github.io/posts/htb_blurry/Scr_6.png#center" alt="image"></p> <p>The Blurry HTB machine is a medium difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code>- ClearML - CVE-2024-24590 - Json deserialization - Scipt analysis - Fickling - Python scripting </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.19 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>Codify HTB Walkthroughhttps://chiefdennis.github.io/posts/htb_codify/Wed, 13 Sep 2023 13:07:16 +0100https://chiefdennis.github.io/posts/htb_codify/<p><img src="https://chiefdennis.github.io/posts/htb_codify/codify.png" alt="image"></p> <p>The Codify HTB machine is a easy difficulty level HackTheBox Linux Machine. The main techniques used to crack this machine are:</p> <pre><code>- Hash cracking with JohnTheRipper - Sandbox escape - Batch Script Analysis - Python Scripting </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>I started by running a NMAP scan to look for services and versions running on open ports;</p> <p><img src="https://chiefdennis.github.io/posts/htb_codify/nmap.png" alt="image"></p> <p>We can see that the usual ports 22 and 80 are open. However, port 3000 is also open running node.js, which could be useful in the future since node.js has some known vulnerabilities in older versions.</p>