ECHOBUBBLE v1

Take a peek around and see what you might find

- [HTB]: Funnel Walkthrough

Introduction

Last time, we took a peak at a poorly misconfigured Windows machine. Today, we will switch things up a bit and take a look at the machine Funnel. This is a beginner level machine that primarily explores port forwarding and tunneling in order to gain escalated privileges within a network. Let’s get to pwning!

Task 1:

Simple nmap -sC -sV -sT scan output:

Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxr-xr-x    2 ftp      ftp          4096 Nov 28  2022 mail_backup
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:{KALI MACHINE}
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 3
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA)
|   256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA)
|_  256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

How many TCP ports are open?


Read more

- General Update and Cracking HTB Starting Point Machines 1/3

Update: Not dead.

YO!

I realized it’s been quite a while since the first ever article got posted back in july. Well, the bubble is still alive and definitely not dead. Stay tuned for more articles to come.

OKAY! With that out of the way, let’s now dive into the real meat of the matter.

Step into the ring!

Hack The Box is an incredible time investment if you want to dip your toes into the world of penetration testing. You get access to high quality machines of varying difficulty to hack on all in a legal and gamified way.


Read more