Armageddon | HackTheBox Writeup
Armageddon is an easy Linux-based machine on HackTheBox.
Starting with an nmap scan shows that 2 ports are open.
It also shows that a CHANGELOG.txt file exists.
Checking CHANGELOG.txt reveals Drupal and its version.
By searching Google I found the drupalgeddon2 exploit, and I used Metasploit for exploitation.
I got a shell.
In the settings.php file, I got the username and password for MySQL.
MySQL has the option ‘-e’ to execute a command, so I used that and got the databases.
With that, I got a username and password.
Using hashcat I identified what kind of hash it is, and I decrypted it.
Using that username and password I can log in to ssh.
I checked which commands the current user can run with root privileges using sudo -l.
I got snap.
I went through the code; it needs to be decoded with base64.
So I decoded it with base64 -d and saved it as a .snap file.
Then I installed it with sudo privilege and got the installation completed message.
As mentioned in the above repository, it created a new user ‘dirty_sock’.
Now I can log in as that user, with the username as the password.
That user has all privileges, and I can read root.txt.
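
The sudo -l finding above is something a defender can audit for directly. The script below is an added example, not part of the original writeup: it flags sudoers rules that let a user run a package installer as root, since installing a package runs its hooks as root. The installer list, the user names and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Package managers whose install step runs package-supplied hooks as root.
# Assumption of this example: extend the list for your own estate.
INSTALLERS='snap|apt|apt-get|dpkg|rpm|yum|dnf|pip|pip3|gem|npm'

# audit_sudoers: read sudoers-format text on stdin and print one
# "<principal><TAB><command>" line per rule that grants a package installer.
# Returns 0 if anything was flagged, 1 if the input is clean.
# Limitations: aliases are not expanded, line continuations are not joined.
audit_sudoers() {
    awk -v re="^(${INSTALLERS})\$" '
        /^[ \t]*(#|$)/                      { next }  # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and aliases
        !/=/                                { next }  # not a user rule
        {
            principal = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)     # drop "user host ="
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                gsub(/\([^)]*\)/, "", c)       # drop the (runas) part
                gsub(/[A-Z]+:/, "", c)         # drop tags such as NOPASSWD:
                gsub(/^[ \t]+|[ \t]+$/, "", c) # trim
                split(c, w, /[ \t]+/)
                bin = w[1]
                sub(/.*\//, "", bin)           # basename of the command
                if (bin ~ re) { printf "%s\t%s\n", principal, c; found = 1 }
            }
        }
        END { exit !found }
    '
}

# Constructed sample rules (hypothetical users), used when no file is given.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not taken from the machine in the writeup
root      ALL=(ALL:ALL) ALL
webadmin  ALL=(root) NOPASSWD: /usr/bin/snap install *
deploy    ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/dpkg -i /opt/pkg/*.deb
backup    ALL=(root) NOPASSWD: /usr/bin/rsync -a /srv/ /mnt/backup/
EOF
}

if [ "$#" -gt 0 ]; then cat -- "$@" | audit_sudoers; else sample_sudoers | audit_sudoers; fi
```

Run it with the paths of the sudoers files to audit as arguments; any flagged rule should be removed or narrowed to a fixed, root-owned package path.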