Posts


Oct. 15, 2023

Soccer [HackTheBox]

Information

This is a retired Linux machine rated as Easy in HackTheBox.

Although the machine is tagged as Easy, the privilege escalation vectors found in the machine are a great way to be exposed to common and application-specific vulnerabilities and exploitation.

Reconnaissance

We are given a web application located at soccer.htb.

By using gobuster, we can find /tiny as a valid URL path:

gobuster dir -u soccer.htb -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -k -o medium.gobuster

Oct. 7, 2023

Roten [Cyber Apocalypse 2023]

Before attempting to do anything, let’s read the description of the challenge first.

The description describes a scenario where a threat actor has uploaded a shell to the webserver. Using those clues, we can then attempt to solve the challenge.

The file given for the challenge is a single .pcap file, which we can open in Wireshark to carry out our investigation.

After opening the file in Wireshark, we can see that there are many different packets captured. However, we can use the clues from the description as a starting point for finding the right file. Remember that a threat actor has uploaded a shell to their web server. Working from this knowledge, we can filter for any activity involving uploads, namely POST and PUT HTTP requests.

Sep. 26, 2023

Inject [HackTheBox]

This is a retired Linux machine tagged as Easy in HackTheBox. It involves interesting attack paths and a unique privilege escalation that you may commonly see misconfigured in industry scenarios.

Reconnaissance

An _nmap_ scan of the target IP reveals a service running on port 8080.

Upon loading port 8080 in our web browser, we are greeted with a web application named “Zodd Cloud”.

Navigating around the website, we come across _/release_notes_, which contains a change log of the website.

Apr. 10, 2023

Alien Cradle [Cyber Apocalypse 2023]

As with most challenges, we start by reading the description.

The description mentions a PowerShell script that is supposedly downloading something as part of its execution. However, the more important part here is that it mentions that the script seems to be obfuscated. Further inspection of the script could show us where to start in reversing the supposed obfuscation.

Upon inspecting the PowerShell script, we can see some parts of the format of the flag for this CTF (HTB{flag}). We can copy the part that contains the elements of the flag and clean up all the extra characters to give us the flag.

Apr. 9, 2023

Reconfiguration [Cyber Apocalypse 2023]

Before even starting to solve the challenge, we must first read the description, as it could reveal some valuable clues.

We can see that they mention visualizing the data, and Pandora used scatterplots in particular to visualize this data. We can start from here and work our way to the flag.

The most popular tool to pre-process, process, transform and visualize data is arguably Jupyter Notebook, in combination with the libraries pandas and matplotlib.