Hacking
Github
Twitter
Search…
Hacking
Hacking, Bug Bounties & Penetration Testing
The Hacker Lab
Methodologies
Basic Buffer Overflow
Basic Internal Network test
Basic Mobile Testing guide
Basic Subdomain Enumeration guide
Guides
Build A Raspberry Pi Dropbox
Golang
Powershell / PowerView
Hack The Box last updated - 2019
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered By
GitBook
Europa
Europa - 10.10.10.22
Target Enumeration:
OS: Linux
IP: 10.10.10.22
User: 2f8d40cc05295154a9c3452c19ddc221
Root: 7f19438b27578e4fcc8bef3a029af5a5
Ports / Services / Software Versions Running
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
443/tcp open ssl/http Apache httpd 2.4.18 ((Ubuntu))
Vulnerability Exploited:
SQLi Authentication bypass
Privilege Escalation:
Misconfigured cronjob
Exploiting the host:
Nmap
SSL certificate gives us a new domain so update hosts file:
Visiting the site gives us a login page.
Capture a login with burp and send it to the intruder to be fuzzed for sqli
Can bypass the login with an sqli payload:
​
Request this payload in the browser and we are logged in
Under the tools tab you can generate a VPN config file so test it for command execution.
Eventually we found it is vulnerable using the following command:
​
Successfully hitting our server:
Generate a php reverse shell with msfvenom and host it in the webroot
Generate a reverse shell with nc and URL encode it.
Shell spawned on 443
Another misconfigured cronjob
Inspecting the file shows us that it is executing another sh file located in /var/www/cmd/
So create the file and wait for it to execute
Now we have a root shell and collect our flags
Hack The Box last updated - 2019 - Previous
Joker
Next - Hack The Box last updated - 2019
Haircut
Last modified
3yr ago
Copy link
Contents
Europa - 10.10.10.22
Target Enumeration:
Ports / Services / Software Versions Running
Vulnerability Exploited:
Privilege Escalation:
Exploiting the host: