-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwriteup1.html
94 lines (86 loc) · 5.1 KB
/
writeup1.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="HackTheBox Writeup for Easy Box 1.">
<title>Writeup: Easy Box 1</title>
<!-- Tailwind CSS -->
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/tailwind.min.css" rel="stylesheet">
</head>
<body class="bg-gray-900 text-white min-h-screen flex flex-col">
<!-- Navbar -->
<nav class="bg-gray-800 p-4">
<div class="container mx-auto">
<ul class="flex space-x-4">
<li><a href="index.html" class="text-white hover:text-gray-400">Home</a></li>
<li><a href="about.html" class="text-gray-400 hover:text-white">About</a></li>
<li><a href="contact.html" class="text-gray-400 hover:text-white">Contact</a></li>
</ul>
</div>
</nav>
<!-- Writeup Content -->
<div class="container mx-auto p-6 flex-grow">
<h1 class="text-4xl font-bold mb-4">HackTheBox: Easy Box 1 Writeup</h1>
<p class="mb-6">This is a detailed walkthrough of the HackTheBox Easy Box 1 challenge, covering each stage of the penetration testing process.</p>
<!-- Table of Contents -->
<div class="bg-gray-800 p-4 rounded mb-4">
<h2 class="text-2xl font-bold mb-4">Table of Contents</h2>
<ul class="list-decimal list-inside">
<li><a href="#enumeration" class="text-blue-400 hover:underline">Enumeration</a></li>
<li><a href="#vulnerabilities" class="text-blue-400 hover:underline">Vulnerabilities Identified</a></li>
<li><a href="#exploitation" class="text-blue-400 hover:underline">Exploitation</a></li>
<li><a href="#post-exploitation" class="text-blue-400 hover:underline">Post-Exploitation</a></li>
<li><a href="#lessons-learned" class="text-blue-400 hover:underline">Lessons Learned</a></li>
</ul>
</div>
<!-- Enumeration Section -->
<div id="enumeration" class="bg-gray-800 p-4 rounded mb-6">
<h2 class="text-3xl font-bold mb-2">Enumeration</h2>
<p>In this section, we perform network reconnaissance and service discovery using tools like <strong>nmap</strong>, <strong>netcat</strong>, or others to identify open ports, services, and potential attack vectors.</p>
<pre class="bg-gray-700 p-4 rounded text-sm mb-4">nmap -sC -sV -oN nmap_initial.txt 10.10.10.X</pre>
<p>Output shows open ports 22 (SSH) and 80 (HTTP). We also found a public web directory that looks interesting.</p>
</div>
<!-- Vulnerabilities Identified -->
<div id="vulnerabilities" class="bg-gray-800 p-4 rounded mb-6">
<h2 class="text-3xl font-bold mb-2">Vulnerabilities Identified</h2>
<p>Based on the services identified, the following vulnerabilities were discovered:</p>
<ul class="list-disc list-inside mb-4">
<li>Outdated <strong>Apache HTTP Server</strong> (CVE-XXXX-XXXX)</li>
<li>Weak credentials for SSH access</li>
</ul>
</div>
<!-- Exploitation Section -->
<div id="exploitation" class="bg-gray-800 p-4 rounded mb-6">
<h2 class="text-3xl font-bold mb-2">Exploitation</h2>
<p>In this section, we detail how the vulnerabilities were exploited to gain initial access to the system.</p>
<p>Exploiting the outdated Apache server allowed us to upload a reverse shell:</p>
<pre class="bg-gray-700 p-4 rounded text-sm mb-4">nc -lvnp 4444</pre>
<p>Next, we used a weak SSH password to gain further access to the machine.</p>
</div>
<!-- Post-Exploitation Section -->
<div id="post-exploitation" class="bg-gray-800 p-4 rounded mb-6">
<h2 class="text-3xl font-bold mb-2">Post-Exploitation</h2>
<p>After gaining access, we performed the following actions:</p>
<ul class="list-disc list-inside mb-4">
<li>Privilege escalation using a kernel exploit</li>
<li>Collected sensitive data such as <strong>/etc/passwd</strong> and system logs</li>
<li>Maintained persistence with a hidden SSH key</li>
</ul>
</div>
<!-- Lessons Learned -->
<div id="lessons-learned" class="bg-gray-800 p-4 rounded mb-6">
<h2 class="text-3xl font-bold mb-2">Lessons Learned</h2>
<p>This section highlights key takeaways and best practices learned from the engagement:</p>
<ul class="list-disc list-inside">
<li>Ensure timely updates and patch management to avoid exploitation of known vulnerabilities.</li>
<li>Use strong, unique credentials for all accounts to prevent easy brute-force attacks.</li>
</ul>
</div>
</div>
<!-- Footer -->
<footer class="bg-gray-800 p-4 text-center mt-auto">
<p>© 2024 Your Name. <a href="https://github.com/your-github" class="text-blue-400 hover:underline">GitHub</a></p>
</footer>
</body>
</html>