Today was fairly successful. I think I spent around 4-5 hours on HackTheBox today. Mainly, I did the last three boxes of the Starting Point:
- “Vaccine” (only the privilege escalation part): A Linux machine. The privileges could be elevated by exploiting sudo permissions on /bin/vi with the help of GTFOBins.
- “Included”: Another Linux machine with a UDP TFTP server and a web server running. Initial foothold can be reached by uploading a webshell to the TFTP server and then accessing it via LFI from the web server. Additionally, a user password can be found in cleartext on the machine. With this, we can log in to the server and escalate privileges by using the lxd-group privileges of the user.
- “Markup”: A Windows server. The initial foothold can be reached by brute-forcing the login panel and then using XXE injection to find a username and SSH key. After logging in via SSH, we can escalate the privileges by exploiting a bat-file that runs with administrator privileges.
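Seen from the administrator's side, the two Linux escalation paths above (a sudo rule on an editor, and membership in the lxd group) are misconfigurations that can be audited for. The following is an added example, not part of the original write-up or any HackTheBox material: it scans sudoers and group file contents for both. The sample file contents, user names and the short binary list are constructed for illustration, and the parser does not resolve aliases or include files.

```python
import os
import re

# Editors/pagers that can spawn a shell from inside the program; a small
# subset chosen for this example, extend it from GTFOBins for real use.
SHELL_ESCAPE_BINARIES = {"vi", "vim", "less", "more", "man", "nano"}
# Groups whose members can effectively act as root on the host.
ROOT_EQUIVALENT_GROUPS = {"lxd"}

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")
SKIP = re.compile(r"^(#|Defaults\b|\w+_Alias\b)")

def audit_sudoers(text):
    """Return (principal, command) for rules that allow a shell-escape binary."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        match = RULE.match(line)
        if not line or SKIP.match(line) or not match:
            continue
        principal, spec = match.groups()
        spec = re.sub(r"\([^)]*\)", "", spec)      # drop (runas) lists
        spec = re.sub(r"\b[A-Z_]+:\s*", "", spec)  # drop tags such as NOPASSWD:
        for command in (c.strip() for c in spec.split(",")):
            if command and os.path.basename(command.split()[0]) in SHELL_ESCAPE_BINARIES:
                findings.append((principal, command))
    return findings

def audit_groups(text):
    """Return (group, member) for every member of a root-equivalent group."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] in ROOT_EQUIVALENT_GROUPS:
            findings += [(fields[0], m) for m in fields[3].split(",") if m]
    return findings

# Constructed sample contents of /etc/sudoers and /etc/group.
SAMPLE_SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
appuser ALL=(ALL) /bin/vi /etc/app/app.conf
backup ALL=(root) NOPASSWD: /usr/bin/rsync
"""
SAMPLE_GROUP = "adm:x:4:syslog\nlxd:x:108:webdev\n"

if __name__ == "__main__":
    for principal, command in audit_sudoers(SAMPLE_SUDOERS):
        print(f"sudo rule allows shell escape: {principal} -> {command}")
    for group, member in audit_groups(SAMPLE_GROUP):
        print(f"root-equivalent group membership: {member} in {group}")
```
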
You can find the write-up for Tier 2 in this post.
I really liked the Starting Point series because the machines were fun and creative. Unfortunately, I got stuck a couple of times (mostly at the privilege escalation part) and had to consult the walkthrough. I hope that with more practice I’ll be able to solve them completely without it.