Hack the Box (HTB) Machines Walkthrough Series – Traceback - Security Boulevard

Hack the Box (HTB) Machines Walkthrough Series – Traceback

Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named Traceback.

HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple enumeration plus pentest) in order to log into the platform and download the VPN pack to connect to the machines hosted on the HTB platform.

The walkthrough

Note: Only write-ups of retired HTB machines are allowed. The machine in this article, named Traceback, is retired.

Let’s start with this machine.

  1. Download the VPN pack for the individual user and use the guidelines to log in to the HTB VPN.
  2. The Traceback machine IP is 10.10.10.181
  3. We will adopt the usual methodology of performing penetration testing. Let’s start with enumeration in order to gain as much information for the machine as possible.
  4. As usual, let’s start with the nmap scan to gather more information around the services running on this machine.
    <<nmap -sC -sV -oA Traceback 10.10.10.181>>

  5. Starting the enumeration on port 80 reveals the following page.
  6. With less to play with, we got a hit via go-buster, but it seems like we cannot access that page.
  7. Going back to the web page in the source code, there was a comment: “Some of the best web shells that you might need.”
  8. I took a guess and googled it, and we got a git repo for it, which has too many shells in php.
  9. I took down all of their names and formed subdirectories before I finally got a hit on smevk.php. Below is the webpage for it. For username and password, I looked into repo for smevk.php (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/j1rhlAzKilM/