Hacking
Hacking
Github
Twitter
Hacking, Bug Bounties & Penetration Testing
Methodologies
Basic Buffer Overflow
Basic Internal Network test
Basic Mobile Testing guide
Basic Subdomain Enumeration guide
Guides
Build A Raspberry Pi Dropbox
Hack The Box last updated - 2019
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered by GitBook

Lazy

Lazy - 10.10.10.18

Target Enumeration:

OS: Linux

IP: 10.10.10.18

User: d558e7924bdfe31266ec96b007dc63fc

Root: 990b142c3cefd46a5e7d61f678d45515

Ports / Services / Software Versions Running

22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)

80/tcp open http Apache httpd 2.4.7 ((Ubuntu))

Vulnerability Exploited:

Authentication bypass to gain access to web application

Privilege Escalation:

Executable file with weak permissions

Exploiting the host:

Nmap

Visiting the web application

Cant create an admin user as already exists

Create a new user with the name admin= and we discover an ssh key.

Download key with wget and change permissions then login with the ssh key

Unusual file called backup in home dir which reads the /etc/shadow file

Strings shows us it uses cat

Create a file called cat in the home dir with the contents:

#!/bin/bash
/bin/sh
Make it executable with
chmod 777 cat

Export the path to the users home dir so it picks up the malicious file cat first.

Execute the file to get root.

Hack The Box last updated - 2019 - Previous
October
Next - Hack The Box last updated - 2019
Sneaky
Last updated 2 years ago
Contents
Lazy - 10.10.10.18
Target Enumeration:
Ports / Services / Software Versions Running
Vulnerability Exploited:
Privilege Escalation:
Exploiting the host: