This was classified as a medium difficulty box by felamos from HackTheBox. Our foothold into this box starts on its webpage on port 8080, where we will find an “Online YAML Parser” which is vulnerable to a SnakeYaml deserialization attack. We can upload a YAML payload from the web application, and the server side will parse it using the SnakeYaml library. So, we’ll let it “parse” a Java payload to get remote code execution and gain our foothold....
This was classified as an easy difficulty machine by MrKN16H7 on HackTheBox. It has a webpage on port 80 running a development version of PHP which is vulnerable to remote code execution. We will analyze the vulnerability and then use a script by Richard Jones on PacketStorm to gain our foothold on the box. Finally, our privilege escalation vector will be a binary named knife, a command-line tool for managing the infrastructure automation tool Chef....
This was classified as an easy machine by MrAgent on HackTheBox. It is running a webpage containing an image and an Internet Relay Chat (IRC) application with a remote code execution vulnerability, which we will analyze and exploit to gain a foothold on the box. For the privilege escalation part, we will find a setuid binary; since the SUID bit is set for root, we will abuse this binary to get root....
This was classified as an easy machine by mrb3n on HackTheBox. We will find a webpage on port 80 with an image; running a directory brute force on it with a trailing slash, we will find a user.sh. We will intercept this request, find out that it is vulnerable to ShellShock (CVE-2014-6271) and gain a foothold on the box. To escalate privileges, we will find that the user can run Perl as root, then we will run Perl to execute Bash....
This was classified as an easy machine but took tons of enumeration and tradecraft. This was an awesome learning opportunity by HackTheBox. The box is running a webserver; while enumerating, we find an OpenNetAdmin instance which is vulnerable to remote code execution, and this will be our entry point. Finally, the privilege escalation vector will be the nano editor.
OS: Linux
Difficulty: Easy
IP Address: 10.10.10.171
Status: Retired

Phase 1 - Enumeration

Nmap

As usual, we start off with an Nmap scan to identify open ports....