HackTheBox: Easy Box 1 Writeup

Table of Contents

• Enumeration
• Vulnerabilities Identified
• Exploitation
• Post-Exploitation
• Lessons Learned

Enumeration

In this section, we perform network reconnaissance and service discovery using tools like nmap, netcat, or others to identify open ports, services, and potential attack vectors.

nmap -sC -sV -oN nmap_initial.txt 10.10.10.X

Output shows open ports 22 (SSH) and 80 (HTTP). We also found a public web directory that looks interesting.

Vulnerabilities Identified

Based on the services identified, the following vulnerabilities were discovered:

• Outdated Apache HTTP Server (CVE-XXXX-XXXX)
• Weak credentials for SSH access

Exploitation

In this section, we detail how the vulnerabilities were exploited to gain initial access to the system.

Exploiting the outdated Apache server allowed us to upload a reverse shell:

nc -lvnp 4444

Next, we used a weak SSH password to gain further access to the machine.

Post-Exploitation

After gaining access, we performed the following actions:

• Privilege escalation using a kernel exploit
• Collected sensitive data such as /etc/passwd and system logs
• Maintained persistence with a hidden SSH key

Lessons Learned

This section highlights key takeaways and best practices learned from the engagement:

• Ensure timely updates and patch management to avoid exploitation of known vulnerabilities.
• Use strong, unique credentials for all accounts to prevent easy brute-force attacks.