Editor is an easy Linux machine running a vulnerable version of XWiki that allows unauthenticated remote code execution, providing an initial foothold. Enumeration of the system reveals a misconfigured SUID binary, which can be exploited to escalate privileges and gain root access.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command:
Cap is an easy difficulty Linux machine running an HTTP server that performs administrative functions including performing network captures. Improper controls result in Insecure Direct Object Reference (IDOR) giving access to another user’s capture. The capture contains plaintext credentials and can be used to gain foothold. A Linux capability is then leveraged to escalate to root.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
Getting Started is not really a box on HTB Labs, it is just a knowledge check in the Getting Started module of the Penetration Tester Job Role Path, but I am writing a Writeup about it anyway.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command:
nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. luckily, a username can be enumerated and guessing the correct password does not take long for most. This is my first box and also my first writeup.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.