(Fix) – SSL routines::ca md too weak

This week, after downloading my HTB VPN package again, I had an issue trying to connect to the Hack The Box labs. After searching a bit I found this resource that gave me a fix. You just have to add
tls-cert-profile insecure
and change
cipher AES-128-CBC
to
data-ciphers-fallback AES-128-CBC
After that you get the usual
2023-04-30 11:37:34 Initialization Sequence Completed

HTB Funnel

$ nmap -v -sV -p- --min-rate 5000
$ ftp
Users detected:
According to the password policy found, the default password is funnel123#!#
$ ssh christine@
Which service is running on TCP port 5432 and listens only on localhost?
christine@funnel:~$ ss -tulpn
Port 5432 is usually used by PostgreSQL.
As we don’t have access to the previously mentioned service from our local machine, we need to create a tunnel

HTB Synced

Today we return with another of the very easy HTB boxes to try to finish them all.
$ nmap -v -p- --min-rate 5000
Rsync port is 873/tcp.
Let’s see which version rsync is using…
$ nmap -v -p873 -sV --min-rate 5000
Another option:
$ nc -vn 873
Rsync protocol is version 31. From Linux, we can interact with rsync with the tool rsync.
$ rsync --help
$

HTB Mongod

This is another of the very easy HTB Starting Point boxes.
$ nmap -sV -p- --min-rate 5000
As we can see in the Nmap results, we have MongoDB version 3.6.8.
MongoDB is a NoSQL database. You can find more information in their documentation here:
To be able to interact with the db, we need to install the MongoDB package on our Kali Linux. It is included in the

HTB Tactics

$ nmap -v -Pn
We can see that the box has SMB enabled on port 445. SMB stands for Server Message Block.
$ smbclient -L
If we don’t add a -U parameter, the smbclient request will be performed using the current user. The only user we currently know the box will contain is Administrator, so we can use it.
$ smbclient -L -U Administrator
$ smbclient

HTB Pennyworth

We continue with another very easy HTB box.
$ nmap -p- -sV --min-rate 5000
Here we have Jetty 9.4.39.v20210325.
Jetty provides a web server and servlet container, additionally providing support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations.
If we go to, we’ll be redirected to
This is a Jenkins server.
Leading open source automation server, Jenkins provides hundreds of plugins

HTB Bike

This is another of the HTB Starting Point’s very easy boxes.
$ nmap -v -p- -sV --min-rate 5000
Access to
According to the Nmap scan, the site runs on Node.js. Wappalyzer describes the web framework as Express.
There is no email address validation of the input:
In fact, it seems that any input is reflected in the result.
If we check for Server-Side Template Injection:
The template engine

HTB Ignition

This is another of the very easy HTB Starting Point boxes.
$ sudo nano /etc/hosts
$ nmap -p- -A -sV
Access to http://ignition.htb/
$ dirsearch -u http://ignition.htb -i 200
Access to http://ignition.htb/admin/
Based on HTB questions, the username is admin. As there is a form_key parameter, it’s more difficult to brute-force. So we can try to guess the password manually using the most common passwords. We can find more

HTB Responder

This is another of the HTB Starting Point boxes classified as very easy.
$ nmap -p- --min-rate 5000 --open -v
If we try to access to we’ll be redirected to http://unika.htb, but we can’t see the site. So, let’s add it to our /etc/hosts.
Now we’ll obtain the correct site:
$ whatweb http://unika.htb
Here we can see that this site runs PHP on an Apache web server on Windows. Checking

HTB Redeemer

This is one of the HTB Starting Point boxes. It is rated as very easy and only has 1 flag.
$ nmap -p- -A --min-rate 5000
So, we are facing a Redis v5.0.7 instance. According to its site: Redis is an open source (BSD licensed), in-memory data structure store used as a database, cache, message broker, and streaming engine. Redis provides data structures such as strings, hashes, lists, sets,