Today, I say au revoir to Manjaro for annoying me into switching to another Linux distro.
This was a fun challenge that is more about solving a puzzle than hacking. You could probably write a nice script in python to solve this challenge, but I am a bash person at heart (well, I prefer ZSH, but that’s besides the point). I decided to use the basic tools installed on my Linux box to solve this.
A nice easy challenge to start off the week! I found this to be fun and engaging even though its labeled as “very easy”. A good example of how to take multiple vulnerabilities and leverage them into an RCE.
Checkout the official page on HTB for more information on the box, or fire up an instance and start hacking along. This is labeled as an “easy” box, but I kind of disagree with that statement. I believe its considered easy, as you’ll soon see, because you can obtain the source code for the applications running on it. Unless you have a strong developer mindset, it can be a bit difficult to figure out where the weaknesses are.
SSH is ubiquitous with network communication. It’s everywhere. Almost every platform you can think of has an SSH client that you can use. iPhone? Yep! Android? Yep! Linux? obviously! Windows, macOS, FreeBSD, Android, Solaris? You know it! Hell, even your web browser can be used as a remote terminal session. SSH is a powerful tool, and can do so much more than just connecting to a remote machine. Knowing how use these advanced features can really help you in your IT or development career. There are other nefarious reasons why this is useful knowledge as well. But for the purposes of this post, we’ll be using the example of a corporate network.
Delivery is an Easy machine on Hack the Box. Check out its official page for more information, or to start it up and follow along.
And they said MD5 is useless now… MD54LYFE!~
Time to push myself. I decided to go for a “Medium to Hard” box, Tomato this time round. I’m really liking the boxes put forth by the SunCRS Team. This box really helped me solidify some tactics I struggled understand early on. Hopefully you learn something from this as well.