Love | HackTheBox Writeup

Overview

Love is an easy Windows-based machine on HackTheBox.

User Part

I started with an nmap scan and found many open ports.

From the nmap scan, I found the DNS name and added it to /etc/hosts.

Checking HTTP shows a login page, but I don’t have any credentials.

I got some directories using ffuf.

Let’s use this later.

Then I checked the subdomain part and I got this website.

On clicking Demo, I was redirected to another website that has the functionality to scan a file using a URL.

I just typed 127.0.0.01 and I got this.

This is what I got in HTTP.

So I started checking every port, and on one port I got these credentials.
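The URL scanner above fetched a loopback address written as 127.0.0.01 and exposed services bound to the host itself. As an added example (not part of the original writeup or the application's code), here is a Python check a fetch-by-URL feature could run before making the request; the function names, the allowed ports and the sample hostnames are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # assumption: the scanner only needs public web ports


def resolve_all(host):
    """Default resolver: every address the hostname currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def literal_ip(host):
    """Parse numeric hosts as the OS would, so 127.0.0.01, 127.1 and
    2130706433 are all recognised as 127.0.0.1."""
    try:
        return ipaddress.ip_address(host)  # canonical IPv4 / IPv6
    except ValueError:
        pass
    try:  # octal, hex and short IPv4 spellings
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None  # not numeric: treat as a hostname


def check_scan_url(url, resolver=resolve_all):
    """Return (allowed, reason) for a URL submitted to a fetch-by-URL feature."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme or host not allowed"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    ip = literal_ip(parts.hostname)
    if ip is not None:
        addrs = [ip]
    else:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:  # every resolved address must be public
        if not addr.is_global:
            return False, f"{addr} is not a public address"
    return True, "ok"
```

Validation alone does not stop DNS rebinding: the fetcher should connect to the address that was checked and re-validate every redirect target.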

I had previously found a login page, so I tried the credentials there, but without success.

Then I tried the credentials in the admin directory, which I had found through directory brute-forcing with ffuf, and succeeded.

I was redirected to the dashboard.

This is a voting system.

There is an option to add new voters and also profile upload.

So I started to check file upload vulnerabilities.

I searched Google for a voting system exploit and got this website.

As shown in the image, I changed some parts of the code.

Changes:

Changed username, password, REV_IP.

Deleted ‘/votesystem’ from PAGE & URL because we don’t have that directory.

I ran it and got the shell back with the exploit.

Root Part

I uploaded linpeas and checked for privilege escalation techniques, and I got this.

On searching for this privilege escalation on Google, I got this article.

From that article, I got an idea of how to exploit it.

So I created a new MSI payload using msfvenom.

I uploaded that exploit and got a reverse shell as SYSTEM in Metasploit.
