Hack The Box : Dog
Hi guys.
It's been a while. Today I will do a simple writeup on the now-retired Hack The Box machine named 'Dog'. It is an Easy difficulty machine. I did this box while it was active and the material sat on my laptop for quite some time, but I didn't have the burning passion to put it into the blog. Since I'm trying to light my passion back up, I might as well put it here before I proceed to port most of my stuff to GitHub. Also for context, I actually started HTB back when you needed to get an invite by hacking the website. It was actually super fun, but I only did the web challenge. Somehow I got too busy with IRL jobs and left it to collect dust. Now I have started doing the boxes for more knowledge and as preparation for the OSCP exam.
Now let's start.
1) The first step is always to nmap the box to search for open ports. The usual command that I use is nmap -sS -sV -sC -o <name of file>.txt <ip>
2) After getting the results, we can see that the machine has port 80 (a website) open, which we will look at later. What first got my attention was the http-git script output: it seems the website has its .git folder exposed. We can simply download it using git-dumper. Usually the .git folder stores a lot of sensitive information that an attacker can use to get further into the system. It is like a goldmine for an attacker.
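Since the exposed .git folder is the foothold here, this is the kind of check a defender would run on the server side. The following is an added example written for this post, not code from the box or from git-dumper: it runs over a few constructed access log lines in the common combined log format and reports which clients requested anything under .git and whether the server actually served it. The IPs, timestamps, user agents and paths are all made up.

```python
import re
from collections import defaultdict

# Constructed access log lines (combined format) for the example; they are not
# from the machine in the write-up. The .git requests mimic what a dumping tool
# fetches first: HEAD, config, index, then individual objects.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /user/login HTTP/1.1" 200 3400 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2025:10:00:10 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.31"
10.0.0.9 - - [01/Jan/2025:10:00:10 +0000] "GET /.git/config HTTP/1.1" 200 137 "-" "python-requests/2.31"
10.0.0.9 - - [01/Jan/2025:10:00:11 +0000] "GET /.git/index HTTP/1.1" 200 9811 "-" "python-requests/2.31"
10.0.0.9 - - [01/Jan/2025:10:00:11 +0000] "GET /.git/objects/ab/cd1234 HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.7 - - [01/Jan/2025:10:00:20 +0000] "GET /.git/HEAD HTTP/1.1" 403 199 "-" "curl/8.0"
"""

# Fields of a combined-format line that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Any request whose path contains a ".git" segment is a probe of the repository.
GIT_PATH_RE = re.compile(r'(^|/)\.git(/|$)')


def parse_line(line):
    """Return the fields we need as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "path": m.group("path"), "status": int(m.group("status"))}


def find_git_exposure(log_text):
    """Summarise .git probes per source IP.

    Returns {ip: {"requests": n, "served": n}} where 'served' counts 2xx
    responses, i.e. the cases where the server really handed out repository
    data. A 403 or 404 still shows somebody probed, but nothing leaked.
    """
    report = defaultdict(lambda: {"requests": 0, "served": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not GIT_PATH_RE.search(rec["path"]):
            continue
        report[rec["ip"]]["requests"] += 1
        if 200 <= rec["status"] < 300:
            report[rec["ip"]]["served"] += 1
    return dict(report)


def leaked_to(log_text):
    """Sorted list of IPs that received at least one successful .git response."""
    return sorted(ip for ip, r in find_git_exposure(log_text).items() if r["served"] > 0)


if __name__ == "__main__":
    for ip, r in find_git_exposure(SAMPLE_LOG).items():
        print(f"{ip}: {r['requests']} .git requests, {r['served']} served")
```

A 2xx on .git/HEAD or .git/config is the signal that the repository leaked; a 403 means the request was blocked before anything went out. The real fix belongs in the deployment: publish the site without the .git directory, or deny it in the web server (nginx `location ~ /\.git { deny all; }`, Apache `RedirectMatch 404 /\.git`), and use a detector like this one to confirm the rule holds and to notice the probe.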
3) Going through the files we just dumped, settings.php seems to have some credentials stored in it. We can save this info and use it later.
4) Now we open the website served on port 80. We can see a login panel. Next we need to find a username, since we already have a password that we can try.
5) After skimming through the files, we find a username that we can potentially use to log in to the website.
6) Now we can check whether the username and password can be used to log in to the website.
7) Boom. Now we have managed to log in to the website. For context, human beings have a tendency to reuse the same password across multiple websites, since it's normally hard to keep track of the passwords you use for different websites. The same applies to real-world penetration testing, where you can find people using the same password across multiple websites.
8) Since we managed to log in to the website, we need to find a vulnerability to get further into the system. Going through the functions of the website, we learn that it uses Backdrop CMS version 1.27.1, which we can search for vulnerabilities online. Upon searching, we find that this version of the CMS is vulnerable to RCE, which we can use to go further into the system.
9) Download the script and follow the instructions given in the script.
10) Since the website only accepts the tar.gz extension, we need to convert it first.
11) Convert the file to the suitable extension.
12) Upload the file to the website.
13) Set up a listener and run the reverse shell script.
14) Check the listener for a successful connection; we successfully get a shell on the machine.
15) Upgrade the shell to an interactive shell.
16) Going through the files and folders, we find that johncusack has the user.txt flag.
17) Now we need to SSH in as johncusack to get the user flag. Since we only know one password, we can try it as the SSH credentials, and BOOM, we manage to log in as johncusack.
18) Now we can get user.txt and submit it in the flag submission section.
19) Next we need to get the next flag, which is root.txt. First things first, run sudo -l to check our permissions. We can see that we are able to run bee with sudo. We can run it and see what we can do with bee and how to use/run it.
20) Upon running the command, it says "The required bootstrap level for 'eval' is not ready". You can search for the error online and figure out what it means.
21) Now that we know how to run bee, it's time to get that juicy root.txt flag.
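The root step rests on a sudo rule that lets an ordinary account run bee, whose CLI has an eval command, without fixing its arguments. Auditing sudoers for that shape is the defensive counterpart. The following is an added example for this post rather than anything from the machine: it parses constructed sudoers lines and flags rules that amount to full root, using a hand-picked list of tools that can evaluate code or spawn a shell. The list, the user names and the paths are assumptions.

```python
import os
import re

# Constructed sudoers lines for the example, not the machine's real sudoers file.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart apache2
siteadmin ALL=(ALL) /usr/local/bin/bee
reporter ALL=(ALL) /usr/local/bin/bee status
"""

# Tools whose ordinary subcommands evaluate code or hand out a shell, so granting
# them through sudo without fixing the arguments is equivalent to granting root.
# Assumed list for the example; bee is here because its CLI has an 'eval' command.
CODE_EXEC_TOOLS = {"bee", "drush", "php", "python3", "perl", "bash", "sh"}

# user-or-%group  host=(runas) [TAG: ...] cmd1, cmd2, ...
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)


def parse_sudoers(text):
    """Yield (who, runas, tags, [command strings]) for each user specification."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        yield m.group("who"), m.group("runas") or "", m.group("tags").strip(), cmds


def audit_sudoers(text):
    """Return a list of (who, command, reason) for rules that amount to full root."""
    findings = []
    for who, runas, tags, cmds in parse_sudoers(text):
        for cmd in cmds:
            parts = cmd.split()
            if parts[0] == "ALL":
                findings.append((who, cmd, "unrestricted command list"))
                continue
            tool = os.path.basename(parts[0])
            # Only flag when the arguments are left open; a spelled-out argument
            # list is matched literally by sudo and pins the tool to one action.
            if tool in CODE_EXEC_TOOLS and len(parts) == 1:
                findings.append((who, cmd, f"{tool} can run arbitrary code and its arguments are not fixed"))
    return findings


if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who}: {cmd}: {reason}")
```

The `bee status` rule is not flagged because sudo compares spelled-out arguments literally, so that account can only run that one subcommand. Wildcards in a command's argument list reopen the hole, so a real audit should also treat any `*` in the arguments as unfixed.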
Since this is basically my first box since I started doing Hack The Box, you can see that I have a lot more to improve on, methods etc. Also, I purposely skipped some of the details so that you can experience it and learn to do it yourself. This way you learn, instead of copying and pasting everything. I also started this way, by doing retired boxes and following the writeups to get to know how to do it.
It's never too late to learn, and don't be discouraged from using writeups to learn more. People will say "You used the writeup, that's why you can do it". Ignore those haters and start working on it. It will tremendously help you later on.
That's it for today. Till then just start your hacking journey on Hack The Box and good luck.
Bye.