HackTheBox Pwned Machines Collection

2025. 1. 22. 12:20·Study Record/Cybersecurity
목차
  1. 1. Meow
  2. 2. Fawn
  3. 3. Dancing
  4. 4. Redeemer
  5. 5. Explosion
  6. 6. Preignition
  7. 7. Mongod
  8. 8. Synced
  9. 9. Appointment
  10. 10. Sequel
  11. 11. Crocodile
  12. 12. Responder
  13. 13. Three
  14. 14. Ignition
  15. 15. Pennyworth
  16. 16. Tactics
  17. 17. Archetype
  18. 18. Oopsie
  19. 19. Included
  20. 20. Cap
  21. 21. Bashed
  22. 22. Nibbles
  23. 23. Sense
  24. 24. Valentine
  25. 25. Poison
  26. 26. Sunday

1. Meow

# Telnet

# Weak Credentials

 

- Utilized Tools: nmap, telnet

 

2. Fawn

# FTP

# Anonymous/Guest Access

 

- Utilized Tools: nmap, ftp

 

3. Dancing

# SMB

# Anonymous/Guest Access

 

- Utilized Tools: nmap, smbclient

 

4. Redeemer

# Redis

# Vulnerability Assessment

# Anonymous/Guest Access

 

- Utilized Tools: nmap, redis-cli

 

5. Explosion

# RDP

# Weak Credentials

 

- Utilized Tools: nmap, xfreerdp

 

6. Preignition

# Apache

# Web Site Structure Discovery

# Default Credentials

 

- Utilized Tools: nmap, gobuster

 

7. Mongod

# MongoDB

# Misconfiguration

# Anonymous/Guest Access

 

- Utilized Tools: nmap, mongosh

 

8. Synced

# Rsync

# Anonymous/Guest Access

 

-Utilized Tools: nmap, rsync

 

9. Appointment

# Apache

# PHP

# SQL Injection

 

- Utilized Tools: nmap, gobuster

 

10. Sequel

# Vulnerability Assessment

# MySQL

# Weak Credentials

# Reconnaissance

 

- Utilized Tools: nmap, mysql

 

11. Crocodile

# Apache

# FTP

# Reconnaissance

# Web Site Structure Discovery

# Clear Text Credentials

# Anonymous/Guest Access

 

- Utilized Tools: nmap, ftp

 

12. Responder

# WinRM

# SMB

# Responder

# Password Cracking

# Hash Capture

# Remote File Inclusion

# Remote Code Execution

 

- Utilized Tools: nmap, responder, john, evil-winrm

 

13. Three

# Cloud

# AWS

# Web Site Structure Discovery

# Bucket Enumeration

# Arbitrary File Upload

# Anonymous/Guest Access

 

- Utilized Tools: nmap, gobuster, aws, ncat, python3

 

14. Ignition

# Web Site Structure Discovery

# Weak Credentials

 

- Utilized Tools: nmap, curl, gobuster

 

15. Pennyworth

# Remote Code Execution

# Default Credentials

 

- Utilized Tools: nmap, ncat

 

16. Tactics

# SMB

# Misconfiguration

# Reconnaissance

 

- Utilized Tools: nmap, smbclient, impacket-psexec.py

 

17. Archetype

# MSSQL

# SMB

# Powershell

# Remote Code Execution

# Clear Text Credentials

# Information Disclosure

# Anonymous/Guest Access

 

- Utilized Tools: nmap, smbclient, impacket-mssqlclient.py, python3, ncat, winPEAS, impacket-psexec.py

 

18. Oopsie

# PHP

# Apache

# Web Site Structure Discovery

# Cookie Manipulation

# SUID Exploitation

# Authentication bypass

# Arbitrary File Upload

# IDOR (Insecure Direct Object Reference)

 

- Utilized Tools: nmap, Burp suite, gobuster, ncat

 

19. Included

# RDP

# Weak Credentials

 

- Utilized Tools: nmap, curl, tftp, lxc

 

20. Cap

# Fuzzing

# IDOR (Insecure Direct Object Reference)

# Packet Capture

# PoC

 

- Utilized Tools: nmap, wireshark, LinPEAS, zeek

- Notes: https://goldstaryeon.tistory.com/510

 

[HTB machine] Cap

- Concpets1. Security snapshot - Quick or comprehensive analysis of a system's security posture at a given point in time. It's commonley used in web vulnerability tools (e.g., OWASP ZAP, Burp suite, Nessus) or integrated security dashboards.2. Fuzzing - Se

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/351

 

Owned Cap from Hack The Box!

I have just owned machine Cap from Hack The Box

labs.hackthebox.com

 

21. Bashed

# DNS

# Cron

 

- Utilized Tools: CherryTree, nmap, LinEnum.sh, crontab

- Notes: https://goldstaryeon.tistory.com/513

 

[HTB machine] bashed

- Concepts1. CherryTree: A note-taking application used for organizing, storing, and managing hierarchical notes effectively. 2. Hostname vs domain name   - Hostname: Identifies a specific device within a network (e.g., www, mail, ftp, etc.)   - Domai

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/118

 

Owned Bashed from Hack The Box!

I have just owned machine Bashed from Hack The Box

labs.hackthebox.com

 

22. Nibbles

# Metasploit

# Password cracking

 

- Utilized Tools: Burp suite, searchsploit, metasploit, hydra

- Notes: https://goldstaryeon.tistory.com/515

 

[HTB machine] Nibbles

- Concepts1. Burp Suite: Tool for web application security testing. - Intercepting Proxy: Acts as a web proxy that allows you to intercept and modify HTTP/S traffic between your browser and the server. - Spider (Crawler): Automates the process of mapping a

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/121

 

Owned Nibbles from Hack The Box!

I have just owned machine Nibbles from Hack The Box

labs.hackthebox.com

 

23. Sense

# CSRF (Cross-Site Request Forgery)


- Utilized Tools: nmap, ssh, metasploit

- Notes: https://goldstaryeon.tistory.com/516

 

[HTB machine] Sense

- This machine is very simillar to reality- We can learn how to distinguish between crashing the system and being banned. This is crucial in real-world penetration testing scenarios. - Concepts1. nibble: A unit of digital information that consists of 4 bi

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/111

 

Owned Sense from Hack The Box!

I have just owned machine Sense from Hack The Box

labs.hackthebox.com

 

24. Valentine

# Heartbleed Bug

 

- Utilized Tools: nmap, sslyze, ssh

- Notes: https://goldstaryeon.tistory.com/518

 

[HTB machine] Valentine

- Concepts1. CCS injection (Change Cipher Spec Injection): Vulnerability that affects the TLS/SSL handshake process, specifically in implementations like OpenSSL. It allows an attacker to inject a crafted ChangeCipherSpec (CSS) message at an unexpected poi

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/127

 

Owned Valentine from Hack The Box!

I have just owned machine Valentine from Hack The Box

labs.hackthebox.com

 

25. Poison

# LFI (Local File Inclusion)

 

- Utilized Tools: nmap, Burp suite, xxd

- Notes: https://goldstaryeon.tistory.com/526

 

[HTB machine] Poison

- Concepts1. Bootstrap: Opensource frontend framework developed by Twitter2. LFI: Local File Inclusion3. index.php: Typically serves as the entry point or default page of a website4. https://github.com/swisskyrepo/PayloadsAllTheThings  GitHub - swisskyre

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/132

 

Owned Poison from Hack The Box!

I have just owned machine Poison from Hack The Box

labs.hackthebox.com

 

26. Sunday

# NFS

# Finger

 

- Utilized Tools: nmap, john, ncat

- Notes: https://goldstaryeon.tistory.com/529

 

[HTB machine] Sunday

- Concepts1. RPC (Remote Procedure Call): Protocol that enables a program to execute a procedure on a remote system as if it were a local function.2. rpcbind: Critical component in the RPC system. It translates RPC program nums into network addresses where

goldstaryeon.tistory.com

- Writeup: https://goldstaryeon.tistory.com/530

 

[HTB machine] Sunday Writeup

1. EnumerationBegin by scanning the target for open ports using nmap.This initial scan is really time-consuming, so optimize it with the following flags:   -T5: Sets the highest timing template for faster execution.   -sS: Initiates a s stealthy SYN sc

goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/136

 

Owned Sunday from Hack The Box!

I have just owned machine Sunday from Hack The Box

labs.hackthebox.com

 

  1. 1. Meow
  2. 2. Fawn
  3. 3. Dancing
  4. 4. Redeemer
  5. 5. Explosion
  6. 6. Preignition
  7. 7. Mongod
  8. 8. Synced
  9. 9. Appointment
  10. 10. Sequel
  11. 11. Crocodile
  12. 12. Responder
  13. 13. Three
  14. 14. Ignition
  15. 15. Pennyworth
  16. 16. Tactics
  17. 17. Archetype
  18. 18. Oopsie
  19. 19. Included
  20. 20. Cap
  21. 21. Bashed
  22. 22. Nibbles
  23. 23. Sense
  24. 24. Valentine
  25. 25. Poison
  26. 26. Sunday
'Study Record/Cybersecurity' 카테고리의 다른 글
  • [HTB Academy] Shells & Payloads Notes(2)
  • [HTB Academy] Shells & Payloads Notes 1
  • [HTB Academy] File Transfers Notes (2)
  • [HTB Academy] File Transfers Notes (1)
Sungyeon Kim
Sungyeon Kim
goldstaryeon@sookmyung.ac.kr
Sungyeon Kim
Sungyeon Kim
Sungyeon Kim
전체
오늘
어제
  • 분류 전체보기 (621) N
    • Paper Review (30)
    • Research Record (9)
    • Study Record (143)
      • Cybersecurity (79)
      • AI Data Science (28)
      • Computer Science (24)
      • Linear Algebra (6)
      • SQL (5)
      • LaTeX (1)
    • English Transcription (261) N
    • 한글 필사 (100)
    • 날것 그대로의 생각들 (74)

인기 글

최근 댓글

최근 글

hELLO· Designed By정상우.v4.5.3
Sungyeon Kim
HackTheBox Pwned Machines Collection
상단으로

티스토리툴바

단축키

내 블로그

내 블로그 - 관리자 홈 전환
Q
Q
새 글 쓰기
W
W

블로그 게시글

글 수정 (권한 있는 경우)
E
E
댓글 영역으로 이동
C
C

모든 영역

이 페이지의 URL 복사
S
S
맨 위로 이동
T
T
티스토리 홈 이동
H
H
단축키 안내
Shift + /
⇧ + /

* 단축키는 한글/영문 대소문자로 이용 가능하며, 티스토리 기본 도메인에서만 동작합니다.