Red Team Walkthroughs

Talisman Difficulty: Intermediate

Summary: This is from the HackSmarter Platform and it was my first box there. I used AI via Kali's new tool “gemini-cli” to help get through this box.

Cockpit Difficulty: Intermediate

Summary: WAF evasion allows SQLi to achieve a complete authentication bypass. A web application security misconfiguration leads to RCE, and a sudo permission misconfiguration on a tar wildcard allows for privilege escalation.

Apex Difficulty: Intermediate

Summary: I go through the entire pen tester methodology more than once in this box, really understanding how pen testing is cyclical in nature. Leveraging SMB null sessions, public CVE exploits, modifying exploits, retrieving admin credentials, password reuse and much more.

Boolean Difficulty: Intermediate

Summary: This box by OffSec does a great job of using specific web enumeration techniques to unravel how a security misconfiguration in a client-supplied field can allow for authentication bypass and ultimately system compromise.

Spider Society Difficulty: Intermediate

Summary: A blended approach of web fuzzing, credential-based access validation, and service exploitation was used; these techniques were chained to escalate privileges and ultimately achieve system compromise.

Sea Difficulty: Intermediate

Summary: FTP anonymous sessions, log analysis, and cleartext credentials. Sometimes it’s just that easy. The community rated this box as intermediate, but I felt this was extremely easy and straightforward. Maybe I just didn’t fall for the rabbit holes on this box.

Active Difficulty: Easy

Summary: Hack the Box Windows Active Directory machine that uses SMB null sessions and a Group Policy vulnerability in older Windows Server versions to extract domain/account information and compromise the system.

Forest Difficulty: Easy

Summary: Hack the Box Windows Active Directory machine that focuses on pre-authentication domain queries to get initial access on the machine. Tools like BloodHound help visualize the AD attack path to compromise the Domain Controller.

Dog Difficulty: Easy

Summary: Hack the Box Windows Active Directory machine that focuses on pre-authentication domain queries to get initial access on the machine. Tools like BloodHound help visualize the AD attack path to compromise the Domain Controller.

BankSmarter Difficulty: Intermediate

Summary:

Pelican Difficulty: Intermediate

Summary: To exploit this lab, you’ll achieve an initial foothold through an unauthenticated command injection vulnerability. Following that, you’ll gain root access by leveraging sudo to disclose a password. This lab enhances your skills in identifying and exploiting command injection vulnerabilities and understanding privilege escalation techniques.