Hack The Box Moncton Meetup #9.
Paper is an easy-difficulty Linux box that was released on HTB on February 5th, 2022. Completing it requires the ability to work with a web proxy (Burp or ZAP), knowledge of Virtual Hosts, a basic understanding of the Linux filesystem and Bash, and familiarity with nmap, wpscan (optional), and the Google search engine. The walkthrough starts with a quick full scan using nmap, which reveals three open ports: SSH, HTTP, and HTTPS.
The initial attack vector starts from a default Apache page for CentOS, but on a closer look, the header of the HTTP requests reveals a hostname that leads to a vulnerable web application. The site is confirmed to be a WordPress site, and its version can be determined with wpscan.
You then find your way to a Rocket.Chat application, where a bot automates a few tasks. The bot allows you to read files on the Linux system running it. With some searching, you can eventually find the user’s password in an environment file. Privilege escalation is achieved through a polkit vulnerability discovered in 2021, known as CVE-2021-3560.