Showing posts from August, 2019

Fortune : Hackthebox Walkthrough

Fortune  is an retired machine of hackthebox. It is very interesting, we have to walk through the three users (bob, nfsuser, charlie) using three services(fortune, sshauth, pgadmin4) in order to get the root, And also keen observation is very helpful in this machine. OverView Exploit the service on http (fortune service) with RCE, getting the access over some files of user bob (SSL certificates). Using those certificates we can access the service over https (sshauth service) to generate ssh keys and access ssh over nfsuser  which turns the nfs server(/home) on .  Using nfs we can place our ssh keys in charlie authorized keys and access the ssh over charlie. By which we can look for the files[pgadmin4.db] of stopped service (pgadmin4 service). In which bob set dba password as root user password. By decrypting the password of bob. We can get the user root.  Enumeration : $ sudo masscan -e tun0 -p1-65535,U1-65535 --rate=1000 | tee masscan.