HackTheBox Delivery Writeup

Hello, i want share how i solve Hackthebox Delivery box. this box is fun and easy

First step scan with nmap payload “nmap 10.10.10.222 -sV -sC — script=vuln -O -oN detail.txt”. that nmap will execute simple vuln script for all command port and output to detail.txt

as you can see that open port 22 ssh and 80 http, next step we go to website

Next step checking all html on index.html and try nikto, dirbuster but only show directory /assets and /error that forbidden to access then i found interesting redirect link show below like helpdesk and contact us

next step we define on local machine directory /etc/hosts “10.10.10.222 helpdesk.delivery.htb” and “10.10.10.222 delivery.htb” because redirect to domain name that must define on local machine

Access that support center website and create ticket then view ticket

I thought that normal ticket and then i move on to contact us page

I found interesting link that redirect to mattermost server

That show login page and create account then i create account with that ticket we not use email but use my ticket is 3276388@delivery.htb as email address

I got verification email from support center website that we access before then i access that link and we can login to mattermost server

I join internal channel then found credentials SSH for user maildeliverer

I access use that credentials then i got user.txt then i try some script like linpeas.sh but not found something

Then i found config file on /opt/mattermost/config.json then we got mysql credentials

Then query and found users tables on mattermost database

then i query who have username root then we got hash password

i tried to analyze hash then found that bcrypt hashing then i try crackstation, common password but can’t login as root then i access mattermost website

i found cluse that variant password “PleaseSubscribe!” then use hashcat rules

then i got the password that is “PleaseSubscribe!21”

then i login as root and got root.txt