Posts

Showing posts from September, 2022

Hack The Box: Knife (Linux)

The nmap scan for this box shows ports 22 and 80 open. [Image: nmap scan] Let's see what is on port 80 first. [Image: webpage] There is nothing on this web page: there are no links to click on and nothing interesting for us is present. [Image: directory busting] Directory busting also leads us nowhere, so we might need to look at the versions of the different technologies on the webpage. [Image: wappalyzer] Apache and PHP are both interesting, but let's focus on PHP for now because a very interesting exploit is available for it. [Image: php backdoor] We can easily get a shell and the user flag. Now we need to focus on privilege escalation. [Image: sudo privileges] So we look for sudo privileges and find a command, knife, which is interesting, and we can find information about this command. [Image: knife command] knife needs a subcommand; in our case we use the exec subcommand and give it the command to show the root flag. [Image: root flag] We are root! Happy Hacking!!!!

Hack The Box: Previse (Linux)

[Image: nmap scan] Looking at the nmap scan, we can start by checking out the webpage available to us. [Image: login page] On this webpage we can try some basic things like default credentials, but nothing works and we don't have any credentials. We just have M4LWHERE written at the end, which also doesn't help us log in. [Image: directory busting] Directory busting shows some pages, and when we visit them we get redirected to login.php. There is one directory of this webpage which is interesting. [Image: nav.php] But it also does nothing; we can click on the different links here and they all lead to login.php. So we can intercept using Burp Suite. We are supposed to log in to reach the other directories, but since we don't have credentials we can only create an account, and that too only through Burp Suite, since we can't access that page. [Image: creating account using burpsuite] Here we just intercept the request for login.php, replace login.php with accounts.php, and also add the confirm part, and then the account get...

Hack The Box: Armageddon (Linux)

We have two ports open on this machine. [Image: nmap scan] We start with port 80, where there is a login page that lets us create an account as well as log in, but we don't have any credentials at this point. [Image: webpage] We don't have credentials, the forgot-password option needs an email address which again we don't have, and creating an account also requires a valid email. So we can't come up with any solution here. We can try searching for exploits related to Drupal 7, since the nmap scan shows that the target has Drupal 7, and there is one exploit which stands out: Drupalgeddon2. It is very easy to use, but while using it we might face an issue. [Image: fixing LoadError] The error is very easy to fix, and it may or may not appear depending on the system. After fixing the error, the exploit runs without any error when we try it. [Image: apache user access] After this we can search for credentials here, but we can't change directory here, so getting some information online about the...