HackTheBox is an excellent platform for various pen-testers to increase their testing skills and knowledge.
Machine Level - Easy
Machine Name - Valentine
Machine OS - Linux
Machine IP - 10.10.10.79
Tools:
Nmap - Nmap is a fantastic tool for scanning open ports, detecting services and fingerprinting the OS. You can use tools other than nmap (whichever you are more comfortable with), such as masscan or SPARTA, to scan for open ports.
Method:
Scanning the machine is the first step (i.e. enumeration).
Use the command sudo nmap -sSVS 10.10.10.79; this scans the host for open ports and the services behind them.
This box focuses on port 443.
Let's start the enumeration by visiting the IP address 10.10.10.79 in a browser.
Just an image. Nothing else. Is that all there is to this page?
No, this image is actually an important clue: if you look at it, there's a heart and it's bleeding.
That's the clue: the Heartbleed bug.
This bug lets an attacker read server memory remotely and steal whatever it holds (session data, credentials, even private keys), which amounts to eavesdropping on the server.
That's what we do in enumeration: information collection.
I found a Python script for the Heartbleed bug.
Save it to a file and use it against the victim.
Command:
python heartbleed.py 10.10.10.79 -p 443
(This command launches the Heartbleed exploit against the machine on port 443.)
We got some text here, but it seems to be encoded.
I decoded it using base64; the command is
echo "aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg==" | base64 --decode
Decoded text is heartbleedbelievethehype
What could this be? Maybe a password.
Let's keep this as a possible password.
So, where do we log in?
Let's do directory busting and see if we find anything.
Using the dirb tool, the command is
dirb http://10.10.10.79/
Now what looks interesting to me is the dev directory. Let's visit it.
There's nothing in notes.txt, so let's visit hype_key.
The file contains a hex dump. Let's convert it back into a text file using an online hex decoder.
The decoded data is a private key.
(Save this file as rsakey.key.)
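A local alternative to the online hex decoder, added here as example code (not from the original post): it converts the hex dump into rsakey.key, checks that the result really is a PEM private key, and creates the file with mode 0600, so the key never leaves your machine and ssh accepts it without the separate chmod step. The sample dump is constructed and is not the key from the box.

```python
import os
import stat
import tempfile

# Added helper for this write-up (not code from the original post): decode the
# hex dump served as hype_key into a PEM file locally, so the private key is
# never pasted into an online decoder, and create the file with the 0600 mode
# that ssh requires (the chmod 400 step in the post serves the same purpose).


def hexdump_to_bytes(dump: str) -> bytes:
    """Decode space/newline-separated hex digits (no offsets) into raw bytes."""
    return bytes.fromhex(dump)          # fromhex skips ASCII whitespace


def looks_like_private_key(data: bytes) -> bool:
    """Cheap sanity check for a PEM private key (RSA, EC, OPENSSH, ...)."""
    text = data.decode("ascii", errors="replace")
    return ("-----BEGIN" in text and "PRIVATE KEY-----" in text
            and "-----END" in text)


def write_key(dump: str, path: str) -> int:
    """Decode the dump, verify it is a PEM key, write it 0600; return the mode."""
    decoded = hexdump_to_bytes(dump)
    if not looks_like_private_key(decoded):
        raise ValueError("decoded data does not look like a PEM private key")
    # O_CREAT with 0o600 applies the permissions at creation time (minus umask);
    # the explicit chmod also covers a pre-existing file with a looser mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(decoded)
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


# Constructed sample (not the key from the box): a PEM-shaped placeholder
# and the hex dump form in which such a file would be served.
SAMPLE_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              b"PLACEHOLDERBASE64BODY\n"
              b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_DUMP = " ".join(f"{b:02x}" for b in SAMPLE_KEY)


def demo() -> tuple:
    """Round-trip the sample through a temp file; returns (mode, size)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "rsakey.key")
        mode = write_key(SAMPLE_DUMP, path)
        return mode, os.path.getsize(path)


if __name__ == "__main__":
    print(demo())
```

For the real file, pass the downloaded hype_key contents as the dump and "rsakey.key" as the path.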
Let's review what we know. We have:
1) Possible password: heartbleedbelievethehype
2) A private key
3) The file was named hype_key, so hype is possibly a user.
Port 22 (SSH) is open.
Let's try to connect over SSH.
Use the command
chmod 400 rsakey.key
(This gives the owner read permission and removes all other permissions; ssh refuses keys that other users can read.)
Then the command to connect over SSH is
ssh -i rsakey.key hype@10.10.10.79
It asks for a passphrase, so let's try heartbleedbelievethehype and log in. Login successful.
Let's see what commands we can use.
Let's grab the user flag first.
Unlike other Linux boxes, this box has a simpler method to gain root.
Use cat .bash_history to see the shell command history.
It seems a tmux session was created on a custom socket; let's attach to it.
Use the command tmux -S /.devs/dev_sess
We are root. Easy, isn't it?
Grab the root flag.
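From the defender's side, the root shell came from a root-owned tmux server socket that another account could connect to. Below is an added check (example code, not from the original post) that walks the filesystem for root-owned UNIX sockets with group or other read+write bits, which is exactly what lets a non-root user attach to such a session; the path and mode values in the test are constructed.

```python
import os
import stat
from typing import Iterator, Tuple

# Added helper for this write-up (not from the original post): list UNIX
# sockets that root owns but that other accounts can still open. Connecting
# to a tmux server socket needs read+write on the socket file, so a root-owned
# socket with group/other rw bits (like /.devs/dev_sess on this box) hands the
# root-owned tmux server to whoever can reach it.


def socket_is_exposed(uid: int, mode: int) -> bool:
    """True if a root-owned file grants read+write to group or to other."""
    if uid != 0:
        return False
    group_rw = (mode & stat.S_IRGRP) and (mode & stat.S_IWGRP)
    other_rw = (mode & stat.S_IROTH) and (mode & stat.S_IWOTH)
    return bool(group_rw or other_rw)


def exposed_root_sockets(root: str = "/") -> Iterator[Tuple[str, int]]:
    """Yield (path, permission bits) for every exposed root-owned socket."""
    # Unreadable directories are skipped rather than aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:                      # sockets are listed as files
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)             # do not follow symlinks
            except OSError:
                continue
            if stat.S_ISSOCK(st.st_mode) and socket_is_exposed(st.st_uid, st.st_mode):
                yield path, stat.S_IMODE(st.st_mode)


if __name__ == "__main__":
    # Run as root for full coverage; prints e.g. "/.devs/dev_sess 0660".
    for sock_path, sock_mode in exposed_root_sockets("/"):
        print(f"{sock_path} {sock_mode:04o}")
```

The fix on the defending side is the obvious one: tmux sockets for a root session should be mode 0600 and live in a directory other users cannot enter.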
That's all for this machine.
Takeaway -> The Heartbleed bug led us to a shell on this machine.
Thanks for reading!