One of VBScripts boxes on windows focuses heavily on reversing applications to crack credentials. Run Nmap Only 445 is open? Lets run again with the -p- flag to confirm, feeling like another evil-winrm box. Foothold Enumeration Running a quick nmap scan for vulnerabilities doesn’t give us anything. We get the hostname. Enum4Linux doesn’t get us … Continue reading Nest


This box is a mixture of CVEs, mis-configurations and GTFObins Run Nmap Quick scan shows us a webserver and ssh are open. We will run a more intensive scan to double check and get dirb running. We also see Nostromo 1.9.6 is the webserver running. While those scans run lets research this. Run Dirb Nostromo … Continue reading Traverxec


This is an interesting box that mixed lazy admins with the risks of cloud based authentication. Run nmap First time in HTB nmap says the host is down. Wonder if somebody has been messing with the box or its part of the challenge. Lets force Nmap to scan even with the box showing its down … Continue reading Monteverde