cestoliv, il y a 2 ans - jeu. 23 sept. 2021

Cap - HackTheBox Machine

The traffic analysis with Wireshark will allow us to find FTP identifiers. Then it's a simple python privilege escalation that will give us the control of the machine.

Scanning of open ports

nmap -sV -sC
# 21/tcp open  ftp     vsftpd 3.0.3
# 22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
# 80/tcp open  http    gunicor

Exploring the web server

We have access to the Wireshark data downloads and by manipulating the URL, we access the first recorded data (on In this Wireshark file we find Nathan's FTP traffic in clear text: we find his FTP password (Buck3tH4TF0RM3!) which also allows us to connect in SSH!

User own!

We arrive directly in Nathan's home and a file user.txt contains the user flag.

The classic privileges escalation

After a few tests we manage to do a privilege escalation with Python :

    import os
    os.setuid(0) # go to root
    os.system("/bin/bash") # open a bash (as root)

System own!

This rooted bash gives us access to the /root in which we find a root.txt which contains the flag !