Privesc

Introduction Bashed is a Linux machine on HackTheBox that demonstrates the dangers of leaving development tools exposed on production servers. We’ll discover an exposed web shell, then escalate privileges through sudo misconfigurations and a root cron job. Difficulty: Easy OS: Linux Skills: Web enumeration, sudo abuse, cron job exploitation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/bashed 10.129.2.11 Results: Port Service Version 80 HTTP Apache 2.4.18 (Ubuntu) Only one port open - this is a web-focused box. The page title mentions “Arrexel’s Development Site”. ...

Introduction Devel is a Windows machine on HackTheBox that demonstrates a classic attack chain: anonymous FTP access to a web server’s root directory, allowing us to upload a malicious web shell. We then exploit an unpatched Windows 7 system using a kernel vulnerability to gain SYSTEM privileges. Difficulty: Easy OS: Windows Skills: FTP enumeration, web shell upload, Windows kernel exploitation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/devel 10.129.2.19 Port Service Version 21 FTP Microsoft ftpd 80 HTTP Microsoft IIS 7.5 Key finding from Nmap: ...

Introduction Optimum is a Windows machine on HackTheBox that features a vulnerable HttpFileServer application and privilege escalation through kernel exploitation. This box teaches the importance of checking software versions and using enumeration tools to find the right kernel exploit. Difficulty: Easy OS: Windows Skills: Version-based exploitation, kernel exploit enumeration, Windows privilege escalation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/optimum 10.129.2.30 Port Service Version 80 HTTP HttpFileServer 2.3 Only one port open running HFS 2.3 (HttpFileServer). When we see specific software with version numbers, we immediately check for known exploits. ...

Introduction Shocker is a Linux machine on HackTheBox that teaches the infamous Shellshock vulnerability (CVE-2014-6271). The box name itself is a hint at the attack vector. We’ll exploit a vulnerable CGI script to gain initial access, then abuse sudo permissions on Perl to escalate to root. Difficulty: Easy OS: Linux Skills: CGI enumeration, Shellshock exploitation, sudo abuse Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/shocker 10.129.2.16 Port Service Version 80 HTTP Apache 2.4.18 (Ubuntu) 2222 SSH OpenSSH 7.2p2 Two ports open. SSH on a non-standard port (2222 instead of 22) and Apache web server. ...