HackTheBox Ready Writeup

Hello, I want to share how I solved the HackTheBox Ready machine. This box needs a bit more research and analysis, and it is fun.

The first step, as usual, is the nmap command “nmap 10.10.10.220 -sV -sC --script=vuln -O -oN detail.txt”. That nmap run executes the simple vuln scripts against all common ports and writes the output to detail.txt. The open ports are 22 (SSH) and 5080 (HTTP, running on nginx).

I registered a user named asd, as shown above, and found that the GitLab version is 11.4.7. Then I found an exploit for that version on this website: https://www.exploit-db.com/exploits/49334. I analyzed that Python file; it is a reverse shell, so I listened on my local machine with the command “nc -nlvp 1234”, which listens on port 1234.

Then I ran that payload. The payload creates a project on our GitLab account and then gives a connection to our local machine, as shown below.

Then I got user.txt. Luckily I could read the file because we are in the same group.

Then I tried to create a new SSH public key on my local machine and copy it to the box in the /var/opt/gitlab/.ssh directory, but I still couldn't get access through SSH without a password.

Then I realized that this is a Docker container.

Then I found an interesting file at /opt/backup/gitlab.rb. I tried to grep for words containing password and found smtp_password, then logged in as root using that password, but I couldn't find root.txt. I struggled, then researched more, and then we found that privilege escalation is possible from a Docker container, on this website: https://betterprogramming.pub/escaping-docker-privileged-containers-a7ae7d17f5a1?gi=22eeaf6c1d60

Then I made a tmp file and mounted on their local box, and then we got root.txt.
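The escape technique in the linked article applies to containers started with --privileged, where root inside the container holds the full capability set, including CAP_SYS_ADMIN (required for mount). As an added example that is not part of the original writeup, this script decodes the CapEff line of /proc/<pid>/status to flag a container in that state; the function name audit_status and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky Linux capabilities from a /proc/<pid>/status dump.
# The sample status text below is constructed, not captured from the Ready box.

SAMPLE_PRIVILEGED='Name:   bash
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff'   # every bit set, as under --privileged (width varies by kernel)

SAMPLE_DEFAULT='Name:   bash
CapEff: 00000000a80425fb'   # Docker default capability set

SAMPLE_PTRACE='Name:   bash
CapEff: 00000000a80c25fb'   # default set plus --cap-add SYS_PTRACE

# audit_status (hypothetical helper): reads status text on stdin and prints
# "<verdict> <capabilities>". Bit numbers come from linux/capability.h.
audit_status() {
    hex=$(awk '$1 == "CapEff:" { print $2; exit }')
    if [ -z "$hex" ]; then
        echo "UNKNOWN no CapEff line"
        return 0
    fi
    risky=""
    for entry in 2:CAP_DAC_READ_SEARCH 16:CAP_SYS_MODULE 17:CAP_SYS_RAWIO \
                 19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN; do
        bit=${entry%%:*}
        name=${entry#*:}
        # Test one bit of the effective capability mask.
        if [ $(( (0x$hex >> $bit) & 1 )) -eq 1 ]; then
            risky="${risky:+$risky,}$name"
        fi
    done
    case "$risky" in
        *CAP_SYS_ADMIN*) echo "HIGH $risky" ;;    # mount() is available
        "")              echo "OK none" ;;
        *)               echo "REVIEW $risky" ;;  # extra capability, no mount
    esac
}

# Run the check over the constructed samples.
for sample in "$SAMPLE_PRIVILEGED" "$SAMPLE_DEFAULT" "$SAMPLE_PTRACE"; do
    printf '%s\n' "$sample" | audit_status
done
```

On a real system, feed it live data with `audit_status < /proc/1/status` inside the container; a HIGH result means the container should be redeployed without --privileged and with only the capabilities it needs.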


MII Cyber Security Consulting Services is a division under PT. Mitra Integrasi Informatika and part of Metrodata Group. MII Cyber Security Consulting Services provide following services : Security Assessment, DFIR Services, MSS SOC, Training, and other cyber security fields.

Anjas