Box Info OSLinuxDifficultyEasy Nmap [root@kali] /home/kali ❯ nmap Chemistry.htb -sS -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-17 20:11 CST Nmap scan re…

Box Info OSLinuxDifficultyMedium Nmap [root@kali] /home/kali/Heal ❯ nmap -sSCV -Pn heal.htb Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-15 17:29 CST Nmap scan re…

Box Info OSLinuxDifficultyEasy Nmap [root@kali] /home/kali ❯ nmap -sSCV -Pn LinkVortex.htb Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-08 21:44 CST Nmap scan rep…

Box Info OSWindowsDifficultyMedium As is common in Windows pentests, you will start the Certified box with credentials for the following account: Username: judith.mader Passwo…

Box Info OSWindowsDifficultyMedium As is common in real life Windows pentests, you will start the Administrator box with credentials for the following account: Username: Olivi…

Box Info OSWindowsDifficultyHard As is common in real life Windows pentests, you will start the Vintage box with credentials for the following account: P.Rosa / Rosaisbest123 …

Box Info OSLinuxDifficultyEasy Nmap Scan nmap alert.htb -sC -sV -T4 -Pn 开放端口：22、80，httpserver是Apache 进入80端口的网页，发现存在Markdown文件上传 根据题目名称Alert猜测，应该与XSS漏洞有关 Subdomain Fuzz ffuf -w…

Box Info OSLinuxDifficultyEasy User.txt 进入网页，点击Security Snapshot，可以看到url进入到了/data/4，下面存在download路由，将其下载下来，并没有任何东西 尝试遍历/data目录下的数字，在/data/0发现不同的文件 使用wireshark进行查看，发现在FTP协议中存在账户…

Box Info OSWindowsDifficultyEasy Nmap Scan 发现靶机存在smb网络文件共享服务 使用smbclient连接，发现以下的目录 并且在HR的目录下发现了一个txt文件 Dear new hire! Welcome to Cicada Corp! We're thrilled to have you join o…

Box Info OSLinuxDifficultyMedium Git Hack 我在trickster的主域名发现了一个shop的子域名网站 这个shop看起来像是使用PrestaShop搭建，我搜索了一下相关的漏洞，无法直接使用 并且尝试了shop里的各种注入点，没有明显的漏洞，不过在我遍历目录的时候，发现了.git的目录 然后我使用Gith…