HackTheBox “Bastard” Walkthrough
Tags
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | a6d30e08-dde3-4d3c-a513-529d482a24fb |
| Fingerprint | 35839d19819e3781 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | June 17, 2023, 3:52 p.m. |
| Added to db | June 17, 2023, 6 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | HackTheBox “Bastard” Walkthrough |
| Title | HackTheBox “Bastard” Walkthrough |
| Detected Hints/Tags/Attributes | 25/1/19 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 56 | cve-2018-7600 |
|
| Details | Domain | 1 | drupal.py |
|
| Details | Domain | 339 | system.net |
|
| Details | File | 1 | drupal.py |
|
| Details | File | 9 | invoke-powershelltcp.ps1 |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 5 | juicypotato.exe |
|
| Details | File | 2 | c:\temp\juicypotato.exe |
|
| Details | File | 5 | shell.bat |
|
| Details | File | 3 | c:\temp\shell.bat |
|
| Details | IPv4 | 15 | 10.10.14.8 |
|
| Details | IPv4 | 2 | 10.10.10.9 |
|
| Details | IPv4 | 4 | 10.10.14.4 |
|
| Details | IPv4 | 4 | 10.10.14.5 |
|
| Details | Url | 4 | http://10.10.14.8:8080/invoke-powershelltcp.ps1 |
|
| Details | Url | 1 | http://10.10.10.9 |
|
| Details | Url | 1 | http://10.10.14.4:8080/juicypotato.exe |
|
| Details | Url | 1 | http://10.10.14.5:8080/invoke-powershelltcp.ps1 |
|
| Details | Url | 1 | http://10.10.14.5:8080/shell.bat |