Home Hackthebox Tabby walkthrough
Post
Cancel

Hackthebox Tabby walkthrough

124295832-3653953797976480-4510901479630080213-o

Enumeration

ِNmap TIME!.

Scanning-0

ِِِAs you can see 80,22,8080 are open.

Let`s start checking

http-1 8080-2

ِAfter some recon i didn`t found anything in 8080.

ِBut i searched for megahosting exploit i found LFI so let`s try it.

LFI-3

ِBANG ! , we got credentials.

After some search i found out that we can have a reverse shell by uploading it to manager page

Exploitation

To-Create-Payload-and-upload-it-3

ِAfte uploading our shell let`s execute it.

executing-the-payload-4 LISTENING-34-N-A5-OSH-3-LA-L-MAKNA-5

After some recon i found a backup file at /var/www/html

So i made an http server to download it to my machine and crack it

Let`s crack it with FCRACKZIP

Crack-Backup-Zip-File

Privilege Escalation

I didn`t find anything interesting in the file , In the recon phase i found ash user so i tried the password on it

User-hasheno

BAM ! , we logged in and got user hash

I found this article about LXD privilege escalation and knowing that the user is in LXD group lxd privilege escalation

Let`s build !

BUILDING-L-H3-ML-BEH-PRIV-ESC start-server-to-priv-escalation Rooted

Thanks for Reading 🙏

This post is licensed under CC BY 4.0 by the author.