Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

Hack The Box: Attacking Enterprise Networks - Module 163 .

Puntuación
-
Vendido
-
Páginas
109
Grado
A+
Subido en
27-05-2026
Escrito en
2025/2026

Attacking Enterprise Networks: Link to challenge: (log in required) Class: Tier II | Medium | Offensive Before we begin: throughout the module we will need to configure our pwnbox /etc/hosts File by adding the line: [target machine IP] [required vhosts] To link the vhost to the target IP address. For example: It can be done with the command sudo nano /etc/hosts then pasting the configuration modification, and save and exit with ctrl+x. Throughout the module this process would be called ‘initial configuration’ External Testing External Information Gathering: Question: Perform a banner grab of the services listening on the target host and find a non-standard service banner. Submit the name as your answer (format: word_word_word) Answer: 1337_HTB_DNS Method: First, we will need do initial configuration on vhost ‘’ and the target IP. Now lets run nmap to check for any non-standard services, we will use the command: sudo nmap --open -p 1-10000 where our target of course is ‘’ (which we linked to the target machine IP), scanning for the first 1000 ports, displaying what of them are open: Lets inspect it further with the command: sudo nmap --open -p 1-10000 -A -oA inlanefreight_ept_tcp_all_svc saving the output in an output file called ‘inlanefreight_ept_tcp_all_svc’, as the output result is way way too much long and noicy, here is a small sample of it: Running ls we have those 3 formats of the output file Lets inspect further the ‘gnmap’ ( ) We will use the command: egrep -v "^#|Status: Up" inlanefreight_ept_tcp_all_ | cut -d ' ' -f4- | tr ',' 'n' | sed -e 's/^[ t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c | sort - k 1 -nr And we have the answer here as ‘unknown banner’. Question: Perform a DNS Zone Transfer against the target and find a flag. Submit the flag value as your answer (flag format: HTB{ }). Answer: HTB{DNs_ZOn3_Tr@nsf3r} Method: we will run zone transfer on the domain using the command: dig axfr @ We can see the flag under the subdomain ‘’ Question: What is the FQDN of the associated subdomain? Answer: Method: see above. Question: Perform vhost discovery. What additional vhost exists? (one word) Answer: monitoring Method: we will run the command ffuf -w /usr/share/seclists/Discovery/DNS/:FUZZ -u to use ‘ffuf’ tool to brute force subdomains, using the wordlist which is built in, in the box in the path ‘/usr/share/seclists/Discovery/DNS/’: The subdomain that was found and is not detected in the zone transfer is ‘monitoring’. Service Enumeration & Exploitation: Question: Enumerate the accessible services and find a flag. Submit the flag value as your answer (flag format: HTB{ }). Answer: HTB{0eb0ab788df18c3115ac43b1c06ae6c4} Method: we will check the ftp service, we will run the command: ftp target-IP and on the credentials we will enter ‘anonymous’ for username and blank password: Running ‘ls’ we can see there is , lets download it to the pwnbox machine with the command: get Lets exit the ftp server, and cat the flag we had just downloaded: Web Enumeration & Exploitation: Question: Use the IDOR vulnerability to find a flag. Submit the flag value as your answer (flag format: HTB{}). Answer: HTB{8f40ecf17ffa5728c159e46} Method: First, we will need do initial configuration on vhost ‘’ and the target IP. When its done, lets enter in the pwnbox browser the URL: ‘’ lets create an account: Then lets login to it

Mostrar más Leer menos
Institución
Hack The Box
Grado
Hack The Box

Vista previa del contenido

Attacking Enterprise Networks:
Link to challenge: https://academy.hackthebox.com/module/163
(log in required)
Class: Tier II | Medium | Offensive


Before we begin: throughout the module we will need to configure our
pwnbox /etc/hosts File by adding the line:
[target machine IP] [required vhosts]
To link the vhost to the target IP address. For example:



It can be done with the command
sudo nano /etc/hosts
then pasting the configuration modification, and save and exit with ctrl+x.
Throughout the module this process would be called ‘initial configuration’

,External Testing
External Information Gathering:
Question: Perform a banner grab of the services listening on the target host
and find a non-standard service banner. Submit the name as your answer
(format: word_word_word)
Answer: 1337_HTB_DNS
Method: First, we will need do initial configuration on vhost
‘inlanefreight.local’ and the target IP.


Now lets run nmap to check for any non-standard services, we will use the
command:
sudo nmap --open inlanefreight.local -p 1-10000
where our target of course is ‘inlanefreight.local’ (which we linked to the target
machine IP), scanning for the first 1000 ports, displaying what of them are
open:




Lets inspect it further with the command:
sudo nmap inlanefreight.local --open -p 1-10000 -A -oA
inlanefreight_ept_tcp_all_svc
saving the output in an output file called ‘inlanefreight_ept_tcp_all_svc’, as the
output result is way way too much long and noicy, here is a small sample of it:

,Running
ls
we have those 3 formats of the output file




Lets inspect further the ‘gnmap’ (




)
We will use the command:
egrep -v "^#|Status: Up" inlanefreight_ept_tcp_all_svc.gnmap
| cut -d ' ' -f4- | tr ',' '\n' | sed -e 's/^[ \t]*//' | awk
-F '/' '{print $7}' | grep -v "^$" | sort | uniq -c | sort -
k 1 -nr




And we have the answer here as ‘unknown banner’.

,Question: Perform a DNS Zone Transfer against the target and find a flag.
Submit the flag value as your answer (flag format: HTB{ }).
Answer: HTB{DNs_ZOn3_Tr@nsf3r}
Method: we will run zone transfer on the domain using the command:
dig axfr inlanefreight.local @inlanefreight.local




We can see the flag under the subdomain ‘flag.inlanefreight.local’


Question: What is the FQDN of the associated subdomain?
Answer: flag.inlanefreight.local
Method: see above.


Question: Perform vhost discovery. What additional vhost exists? (one word)
Answer: monitoring
Method: we will run the command
ffuf -w /usr/share/seclists/Discovery/DNS/namelist.txt:FUZZ
-u http://inlanefreight.local/ -H
'Host:FUZZ.inlanefreight.local' -fs 15157
to use ‘ffuf’ tool to brute force subdomains, using the wordlist namelist.txt
which is built in, in the box in the path
‘/usr/share/seclists/Discovery/DNS/namelist.txt’:

,The subdomain that was found and is not detected in the zone transfer is
‘monitoring’.


Service Enumeration & Exploitation:
Question: Enumerate the accessible services and find a flag. Submit the flag
value as your answer (flag format: HTB{ }).
Answer: HTB{0eb0ab788df18c3115ac43b1c06ae6c4}
Method: we will check the ftp service, we will run the command:
ftp <target-IP>
and on the credentials we will enter ‘anonymous’ for username and blank
password:

,Running ‘ls’ we can see there is flag.txt, lets download it to the pwnbox
machine with the command:
get flag.txt




Lets exit the ftp server, and cat the flag we had just downloaded:

,Web Enumeration & Exploitation:
Question: Use the IDOR vulnerability to find a flag. Submit the flag value as
your answer (flag format: HTB{}).
Answer: HTB{8f40ecf17f681612246fa5728c159e46}
Method: First, we will need do initial configuration on vhost
‘careers.inlanefreight.local’ and the target IP.
When its done, lets enter in the pwnbox browser the URL:
‘http://careers.inlanefreight.local’




lets create an account:




Then lets login to it

,And now when are logged in:




Here are the main dashboard of our user, pay attention that our user was
assigned the ‘id’ parameter of ‘9’.
Now – IDOR attack means ‘Insecure Direct Object Reference’, so lets try to
change the ID value to something else.. lets say 1:




We got the job list of another user! (note, it will not work without registering
first to our own user).
After some trial and error, lets try id=4:

,Question: Exploit the HTTP verb tampering vulnerability to find a flag. Submit
the flag value as your answer (flag format: HTB{}).
Answer: HTB{57c7f6d939eeda90aa1488b15617b9fa}
Method: First, we will need do initial configuration on vhost
‘dev.inlanefreight.local’ and the target IP.


Now, lets use ‘gobuster’ to enumerate the domain for pages, we will use the
wordlist ‘common.txt’ in ‘/usr/share/seclists/Discovery/Web-
Content/common.txt’ built in in the pwnbox.
We will use the command:
gobuster dir -u http://dev.inlanefreight.local -w
/usr/share/seclists/Discovery/Web-Content/common.txt -x .php
-t 300
where dev.inlanefreight.local is our vhost of course:




*
*

, Lets attempt to enter the ‘upload.php’ page, the status code is 200 so we
should succeed:




We got ‘403 forbidden’ response, which contradict the gobuster ‘upload.php’
status code ‘200’ response.
We need to examine the page further.
Lets use the web investigation and analysis tool ‘burpsuite’:
burpsuite
when entering, a burpsuite window will open, select ‘next’ and ‘start’ until we
see the burpsuite main dashboard:




Lets go to ‘proxy’  ‘open browser:

Libro relacionado

Escuela, estudio y materia

Institución
Hack The Box
Grado
Hack The Box

Información del documento

Subido en
27 de mayo de 2026
Número de páginas
109
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$30.39
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
Scholarfriends University Of Arizona
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
731
Miembro desde
8 año
Número de seguidores
647
Documentos
24
Última venta
5 año hace
Welcome for all notes and test banks.

Welcome for all notes, exam guides, and test banks among others. Feel free to contact me for custom and dedicated service.

3.8

19 reseñas

5
9
4
4
3
2
2
2
1
2

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes