Hack the Box (HTB) Machines Walkthrough Series – Optimum

Today we will be continuing with our Hack the Box (HTB) machine series. This article contains the walkthrough of another HTB machine, this one named “Optimum.”

HTB is an excellent platform that hosts machines belonging to multiple OSes. It offers multiple types of challenges as well. The individual can download the VPN pack to connect to the machines hosted on the HTB platform and has to solve the puzzle (simple enumeration plus pentest) in order to log into the platform.

Note: Only writeups of retired HTB machines are allowed. The machine in this article, Optimum, is retired.

Walkthrough

Let’s start with this machine.

1. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN.

2. The Optimum machine IP is 10.10.10.8.

3. We will adopt the same methodology of performing penetration testing as we have used previously. Let’s start with enumeration in order to gain as much information on the machine as possible.

4. Below is the nmap scan output. As we can see, we have only port 80 open and the service exposed is HFS 2.3. [CLICK IMAGES TO ENLARGE]
<<nmap -sC -sV -oA optimum 10.10.10.8>>

5. For the HFS service there is a known exploit, listed here.

6. Let’s look into the exploit a bit more before running it. As we can see below, the remote code execution violation happens in the search parameter by appending %00 to the command.

7. In the exploit, the author has shown how to exploit the vulnerability, upload nc.exe from the attacking machine and get the shell back.

8. To help make it clear, below is the decoded format of that request.

9. The script also needs to be edited to include the attacking machine (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QOe2wIUIWF8/