Nunchucks HackTheBox Walkthrough

Nunchucks is a Linux machine rated easy by Hack The Box. On this box, we begin with a basic port scan and proceed based on the findings. We then enumerate the HTTP services and look for vulnerabilities in the web page. Next, we exploit a server-side template injection (SSTI) vulnerability to gain an initial foothold on the target system. Finally, we exploit Perl capabilities to gain a root shell.

Initial Access

Privilege Escalation

Let’s exploit it step by step.

We are going to start the assessment with the normal TCP/IP port scanning.

We begin with a port scan, using nmap to find out which ports are open and what services are running on the target host. Nmap is a popular port scanning tool that comes with Kali Linux. For this scan we used the -sV and -sC flags, which perform service version detection and run the default NSE scripts against the target machine.

Flags used:

-sV: Attempts to determine the service version

-sC: Scans with default NSE scripts

nmap -sV -sC 10.129.30.114

From the nmap scan, we found only three open ports: 22, 80 and 443. As usual, HTTP and HTTPS are running on ports 80 and 443, and SSH is running on port 22. HTTP and HTTPS are used for web hosting, whereas SSH is used for remote connections. We did not find any vulnerabilities in SSH version 8.2p1, and the only attack we could perform against the SSH service at this stage is brute force, which we might not need. Furthermore, the site is hosted on nginx 1.18.0, and we can see that the HTTP port redirects to HTTPS. We also found a domain name, nunchucks.htb.

We added nunchucks.htb to our /etc/hosts file for further analysis.
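The scan findings above can be pulled out of nmap's XML output (`-oX`) instead of read by eye. This is an added example, not code from the original walkthrough; the XML is a constructed sample that mirrors the reported results, and `summarize` and `hosts_line` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -sC -oX -` output, trimmed to the fields used
# below; values mirror what the walkthrough reports, not a real capture.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="10.129.30.114" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="nginx" version="1.18.0"/>
    <script id="http-title" output="Did not follow redirect to https://nunchucks.htb/"/></port>
   <port protocol="tcp" portid="443"><state state="open"/>
    <service name="http" product="nginx" version="1.18.0" tunnel="ssl"/>
    <script id="ssl-cert" output="Subject: commonName=nunchucks.htb/organizationName=Example"/></port>
  </ports>
 </host>
</nmaprun>"""

# NSE script output that tends to leak a virtual-host name.
HOST_PATTERNS = (
    re.compile(r"redirect to https?://([A-Za-z0-9.-]+)"),  # http-title
    re.compile(r"commonName=([A-Za-z0-9.-]+)"),            # ssl-cert
)

def summarize(xml_text):
    """Return (ip, [(port, service, version)], sorted hostnames) for the first host."""
    host = ET.fromstring(xml_text).find("host")
    ip = host.find("address").get("addr")
    services, names = [], set()
    for port in host.iter("port"):
        if port.find("state").get("state") != "open":
            continue
        svc = port.find("service")
        label = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
        services.append((int(port.get("portid")), svc.get("name"), label))
        for script in port.iter("script"):
            for pat in HOST_PATTERNS:
                names.update(pat.findall(script.get("output", "")))
    return ip, services, sorted(names)

def hosts_line(ip, names):
    """Format an /etc/hosts entry mapping the scanned IP to the names found."""
    return f"{ip}\t{' '.join(names)}"

if __name__ == "__main__":
    ip, services, names = summarize(SAMPLE_XML)
    for port, name, label in services:
        print(f"{port}/tcp  {name:5}  {label}")
    print(hosts_line(ip, names))
```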
