Prerequisite

Some things that need to be prepared to play Hack The Box machines.

Last updated 1 year ago

Was this helpful?

Prerequisite

Some things that need to be prepared to play Hack The Box machines.

Before starting the work on HTB machines, always add the IP address to /etc/hosts on our machine. Example:

nino@nakano:~$ cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       nakano
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

#HackTheBox
10.10.11.105    horizontall.htb api-prod.horizontall.htb
.....

Common tools

Here are some commonly used tools for working on HackTheBox machines.

- for port scanning
- directory scanning & vhost discovery

can be used for performing directory scanning as well as vhost bruteforce (subdomain enumeration). That's why I prefer using Ffuf over other tools because this single tool can be used for multiple purposes.

- Wordlist

Seclists is a collection of wordlists that will be very useful when performing fuzzing.

Reverse Shell

TTY Shell

"Magic trick" for achieving a stable Full TTY shell (works on bash):

user@remote-server:~$ python3 -c "import pty; pty.spawn('/bin/bash')"

Then press CTRL+Z to pause the shell process. Next, execute the following command to disable input buffering and echo, making the reverse shell more responsive.

user@local:~$ stty raw -echo

After that, run the following command to bring the shell process to the foreground.

user@local:~$ fg

Lastly, execute the following command to set the TERM environment variable to xterm, ensuring smooth operation of the interactive shell.

user@remote-server:~$ export TERM=xterm

Useful Resources

Alright, that's it for this update. I'll provide more updates later.

PreviousAbout NextReconnaissance

Last updated 1 year ago

Was this helpful?