Tuesday 1 May 2018

10.10.10.7 BEEP hackthebox machine Write Up

BEEP 10.10.10.7 Write Up

Machine Created by ch4p
Machine is retired

Tools used:

Enumeration:

Nmap
GoBuster
goWapt

Exploitation:

NetCat

Steps:

Enumeration:

1. When we run nmap, we found that port 443 is opened. On port 443 is running apache Elastic.
command:
nmap 10.10.10.7
2. When we run gobuster, then we found some directory on the vtigercrm 5.1.0 is running.
3. After scanning vtigercrm 5.1.0 with goWAPT, we found /etc/passwd via LFI.
4. We can found a user named 'Fanis'.

Exploitation:

1. After google about asterix we can found 'etc/asterisk/manager.conf'. On that file there is user credential "admin:jEhdIekWmdjE".
2. Now, we can login to Vtigercrm with that credential and upload a webshell. With netcat we get reverse shell on my terminal.

getting user.txt flag:
now goto home folder and find the user.txt

command:
cd home
ls
cd Fanis
ls
cat user.txt

3.
getting root.txt flag:
command:
sudo -l
sudo /bin/chown -r asterisk /root cd root
ls
cat root.txt

Hints:

Reference:

http://syrion.me/blog/htb-beep/

Video:

https://www.youtube.com/watch?v=XJmBpOd__N8
Posted by on
Labels: ,

1 comment:

Subscribe to: Post Comments (Atom)