# 靶機 https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159 ## HTB ### ~~Lame~~ ### ~~brainfuck~~ ### ~~shocker~~ ### ~~bashed~~ ### ~~nibbles~~ ### ~~beep~~ ### ~~cronos~~ ### ~~nineveh~~ ### ~~sense~~ ### ~~solidstate~~ * email ### ~~node~~ * base64 --decode * password cracker (fcrackzip) * kernel exploit: ![](https://i.imgur.com/yJsUaw5.png) ![](https://i.imgur.com/ANT23EP.png) ### ~~valentine~~ * Convert hexadecimal to text ### ~~poison~~ * base64 encoded ![](https://i.imgur.com/1kj4boA.png) * LFI * proxychains ### ~~sunday~~ * hashcat * wget --post-file ### ~~Irked~~ * IRC * Steghide ### tartarsauce * [gtfobins](https://gtfobins.github.io/gtfobins/tar/#sudo) * pspy32 ### ~~Friendzone~~ (good) * nmap --script smb-enum-shares.nse -p445 10.10.10.123 ### Swagshop (有 bug 暫時不打) ### ~~Networked~~ * [exiftool](https://www.hackingarticles.in/hack-the-box-networked-walkthrough/) * nc * [ Redhat/CentOS root through network-scripts](https://vulmon.com/exploitdetails?spm=a2c6h.12873639.article-detail.126.11ab1f37lE8V1l&qidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f) ![](https://i.imgur.com/Mu9ewO4.png) ### ~~jarvis~~ (大量 sql 技巧) * [MySQL SQL Injection](https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet) * SUID * systemctl enable /home/pepper/666.service 技巧 ### ~~mirai~~ * 樹莓派 raspberry pi * strings 指令 ![](https://i.imgur.com/ogL9sVF.png) ### pipcorn * BurpSuite 使用(把圖片.png 改成.php) * kernel 提權