The traffic analysis with Wireshark will allow us to find FTP identifiers. Then it's a simple python privilege escalation that will give us the control of the machine.
- Platform: HackTheBox
- Système: Linux
- Difficulty: Easy
- Goal: Find a flag in the user home directory, then in the root directory
Scanning of open ports
nmap -sV -sC 10.10.10.245 # PORT STATE SERVICE VERSION # 21/tcp open ftp vsftpd 3.0.3 # 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) # 80/tcp open http gunicor
Exploring the web server
We have access to the Wireshark data downloads and by manipulating the URL, we access the first recorded data (on
In this Wireshark file we find Nathan's FTP traffic in clear text: we find his FTP password (
Buck3tH4TF0RM3!) which also allows us to connect in SSH!
We arrive directly in Nathan's home and a file
user.txt contains the user flag.
The classic privileges escalation
After a few tests we manage to do a privilege escalation with Python :
import os os.setuid(0) # go to root os.system("/bin/bash") # open a bash (as root)
This rooted bash gives us access to the
/root in which we find a
root.txt which contains the flag !