Hack the Box (HTB) machines walkthrough series — Curling

Today, we’ll be continuing with our series on Hack the Box (HTB) machines. This article contains the walkthrough of an HTB machine named Bounty.

HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple enumeration plus pentest)  in order to log into the platform and download the VPN pack to connect to the machines hosted on the HTB platform.

Note: Only write-ups of retired HTB machines are allowed. The machine in this article, named Curling, is retired.

The walkthrough

Let’s start with this machine.

1. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN.

2. The Curling machine IP is 10.10.10.150.

3. We will adopt the same methodology of performing penetration testing that we’ve used previously. Let’s start with enumeration in order to learn as much about the machine as possible.

4. As usual, let’s start with the Nmap scan to gather more information about the services running on this machine. [CLICK IMAGES TO ENLARGE]
<<nmap -sC -sV -oA Curling 10.10.10.150>>

5. We have some standard ports, such as 22 and 80, discovered. From the Nmap scan, it was also enumerated that Joomla CMS is running.

6. Browsing port 80 returns a Cewl Curling site page.

7. Looking into the source code of the page reveals the text “secret.txt.” Checking this via the browser results in an actual site page which has supposedly some secret.

8. Running out of options, we’ll start Gobuster to enumerate other directories as well.
<<gobuster -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.10.150 -t 20>>

9. We got some interesting hits such as /administrator. Browsing that page results in the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/xrvqMLKCilM/