
Hack the Box (HTB) Machines Walkthrough Series — Valentine [Updated 2019]

Today, we continue our exploration of Hack the Box (HTB) machines, begun in the previous article. This walkthrough covers an HTB machine named Valentine.

HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges. Individuals have to solve the puzzle (simple enumeration plus pentest) in order to log into the platform and download the VPN pack to connect to the machines hosted on the HTB platform.

Note: Writeups of only retired HTB machines are allowed. The machine in this article, named Valentine, is retired.

Let’s start with this machine.

  1. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN.
  2. The Valentine machine IP is 10.10.10.79.
  3. We will adopt the same methodology of performing penetration testing. Let’s start with enumeration in order to gain as much information about the machine as possible.
  4. We start the enumeration process with an nmap scan. Below is the output of the scan.

<<nmap -sC -sV -oA Valentine 10.10.10.79>>

5. As you can see, ports 22, 80 and 443 are open. Quickly browsing to port 80 yields the page below.

6. Looking at the page source or the image reveals nothing important.

7. Next, let’s start directory enumeration with gobuster.

<<gobuster -u http://10.10.10.79 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20>>

8. Gobuster reveals some interesting directories. Let’s explore them one by one.

a. /dev: Below are the contents of the /dev directory:

i. Hype_key: This looks like a hex-encoded file.

ii. notes.txt: This file shows some interesting artifacts about this server.

b. decode

9. Saving the hex file discovered above as hype_key and using the xxd utility on (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/pmp51tLzOOw/