HackTheBox — Backdoor


nmap -p- -sC -sV --min-rate 5000 -v
PORT   STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-generator: WordPress 5.8.1
| http-methods:
|_ Supported Methods: HEAD
1337/tcp open waste? syn-ack ttl 63
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel


From the scan, we can see that there is an Apache web server running on port 80.


To find out what is running on that port, we can read /proc/sched_debug, which shows all the processes that are running on the system.

Privilege Escalation

I checked the running processes and found that a command was being run to create a detached screen session.



