Traverxec | HackTheBox Writeup

Overview

Traverxec is a easy Linux-based machine in HackTheBox by jkr

User Part

Start with nmap scan found 2 open ports

22:SSH

80:HTTP

run dirsearch for directory bruteforcing in the website

look for whatweb it recognizes what web technologies
including content management systems which are used in website,
You can see it’s using Nostromo server and its version

search for Nostromo exploits ,
Google bash script for this exploit and you can see bash scripts

Using the bash script we found from google, You can interact with that server,
So you can get reverse shell using nc command

We know that it’s using Nostromo server ,
so search for Nostromo folder,and go to the folder and
there is a conf folder go to the conf folder

Read nhttpd.conf file and you can see there is a
folder inside the David directory which is public_www

Go to The Folder, there is a protected-area folder go inside into that,
we can see a backup file of ssh in there

Copy that file to /tmp/ji and unzip it , You can see 3 file (authorized_keys,id_rsa,id_rsa.pub)

Copy the ssh key and save it in your machine

To crack the password first use ssh2john and crack password with john

Now you got password and you can login to the ssh of David

Root Part

You can see server-stats.sh inside David directory,read the file,
it’s using journalctl by sudo command

Going through GTFObins,we can see journalctl and

we can be root through the command execution given below

run the same which we saw in that server-stats.sh file, and then write
!/bin/bash after the execution,
You successfully root privileged and you can read root file

Share on facebook
Share on twitter
Share on linkedin