3 posts tagged with "Java"

Java is an object-oriented language that runs on any device with a JVM installed, making it popular for cross-platform development. It's widely used in areas like Android app development, web applications, machine learning, and big data processing.

HTB | Jerry | Write-Up

· 13 min read

Summary:

We navigate the Hack The Box website, starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information. We identify a running web server and proceed with directory enumeration using gobuster to uncover hidden directories. After discovering a server status login page with default credentials, we log in to gain access to the Manager App website.

Analyzing this app further, we collect the necessary credentials to log in and then identify a file upload vulnerability on the website. We create a malicious payload using msfvenom, which we upload and execute to get a reverse shell on the target machine. With a stable shell established with SYSTEM-level access, we proceed to grab both the user flag and root flag, ultimately achieving System Own status.

Machine Name: Jerry | Difficulty: Easy | OS: Windows

HTB | Unified | Write-Up

· 20 min read

Summary:

We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell connection with low-privilege access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.

Machine Name: Unified | Difficulty: Easy | OS: Linux

HTB | Pennyworth | Write-Up

· 10 min read

Summary:

This article guides users through completing the Pennyworth machine challenge on Hack The Box. Here we conduct reconnaissance on a Jenkins server, discovering a login page and default credentials, as well as a vulnerable Script Console that can execute Groovy scripts. We exploit this vulnerability to gain access to the system and retrieve a flag located at "/root/flag.txt".

Machine Name: Pennyworth | Difficulty: Easy | OS: Linux