Hackthebox Tracback walkthrough

Enumeration

ِWe will use NMAP for enumeration phase, So let`s GO !.

ِSo NMAP found that port 22 and port 80 are open. Let`s Check port 80.

ِOuch! look like someone was here before us. ِLet`s view the source code.

ِHe left a backdoor for us. Now search for Xh4h web shell

Now let`s clone it and try them.

So it`s smevk.php webshell. let`s open the shell and see what is in it.

Foothold

We found the password. let`s login.

We are logged as WebAdmin. let`s discover what we can do.

So i found that i can log in as webadmin by SSH. let`s upload our public key.

Execute this to use your public key. echo “your-publickey” >> authorized_keys in Execute option in /home/webadmin/.ssh/ directory

Let`s log in now !.

Privilege Escalation

We need to see what i can do without sudo password. We can switch to sysadmin

User hash

Let`s run Pspy to see runing proccess.

Gotcha !.

00-header displays when we log by ssh as webadmin so we need to make our reverse shell. I used Pentestmonkey cheatsheet

Start you nc and log as webadmin and you will get root access.

Thanks for Reading 🙏