
Hackthebox Tabby walkthrough


Enumeration

Nmap time!

As you can see, ports 80, 22 and 8080 are open. Let's start checking.

After some recon I didn't find anything on 8080. But I searched for a megahosting exploit and found an LFI, so let's try it.

Bang! We got credentials. After some searching I found out that we can get a reverse shell by uploading it to the manager page.

Exploitation

After uploading our shell, let's execute it.

After some recon I found a backup file at /var/www/html, so I made an HTTP server to download it to my machine and crack it. Let's crack it with fcrackzip.

Privilege Escalation

I didn't find anything interesting in the file. In the recon phase I had found the user ash, so I tried the password on it.

Bam! We logged in and got the user hash.

I found an article about LXD privilege escalation, and I knew that the user is in the lxd group. Let's build!

Rooted

Thanks for reading 🙏
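The LXD step above works because membership in the lxd group amounts to root access on the host, so a defender should know exactly which accounts hold it. The script below is an added example, not part of the original walkthrough; its function names are this example's own, and the sample group and passwd entries (GID 116, the builder and svc accounts) are constructed.

```shell
#!/bin/sh
# Added example (not from the walkthrough): list accounts in the lxd group.

# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints each member once: names listed in the group entry plus accounts
# whose primary GID in the passwd file equals the group's GID.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    [ -n "$gid" ] || return 0   # group not present: nothing to report
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# audit_lxd [GROUP_FILE] [PASSWD_FILE]
# Prints one finding per non-root member; returns 1 when there is any.
audit_lxd() {
    members=$(group_members lxd "${1:-/etc/group}" "${2:-/etc/passwd}" | grep -vx root || true)
    if [ -z "$members" ]; then return 0; fi
    for u in $members; do
        echo "FINDING: $u is in group lxd (root-equivalent access to the host)"
    done
    return 1
}

# write_sample DIR: constructed group and passwd files for the demo.
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
lxd:x:116:ash
svc:x:1001:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ash:x:1000:1000:ash:/home/ash:/bin/bash
builder:x:1002:116:primary group is lxd:/home/builder:/bin/sh
svc:x:1001:1001::/home/svc:/usr/sbin/nologin
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_lxd "$demo_dir/group" "$demo_dir/passwd" || echo "review the accounts listed above"
rm -rf "$demo_dir"
```

Calling `audit_lxd` with no arguments checks the local /etc/group and /etc/passwd; accounts supplied by a directory service are not covered by this file-based check.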
This post is licensed under CC BY 4.0 by the author.