HTB Footprinting Lab (easy) write-up

thesw0rd

This is a concise write-up about hacking an HTB machine, specifically a task from the footprinting lab at the end of the "Footprinting" module.

  • Footprinting (Nmap Scan)

    • Performed an initial Nmap scan of 10.129.40.235.

    • Discovered open ports: 21/tcp (FTP), 22/tcp (SSH), 53/tcp (DNS), and 2121/tcp (CCProxy-FTP).

  • Initial Access via FTP (Port 2121)

    • Connected to the ccproxy-ftp service on port 2121 using credentials ceil:qwer1234.

    • Used ls -a to list files and found .bash_history.

    • Retrieved .bash_history.

    • Analysis of .bash_history revealed commands related to SSH key generation: ssh-keygen -t rsa -b 4096 and cat id_rsa.pub >> authorized_keys.

  • SSH Access

    • Retrieved the id_rsa private key via FTP.

    • Set the id_rsa file permissions to 600 (chmod 600 id_rsa) to resolve the permissions error.

    • Gained SSH access as the ceil user using the command: ssh -i id_rsa ceil@10.129.40.235.

  • Flag Retrieval

    • Navigated to the /home/flag directory.

    • Found flag.txt inside /home/flag.

    • The content of flag.txt is HTB{7nrzise7hednrxihskjed7nzrgkweunj47zngrhdbkjhgdfbjkc7hgj}.
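
The shell script below is an added example, not part of the original write-up: it audits a directory served over FTP for the file types retrieved above (shell history, a private key, authorized_keys) and flags private keys readable by group or others. The function names and the sample tree created by build_constructed_home are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the write-up): audit a directory that an FTP daemon
# serves for the file types the write-up retrieved over FTP.

# classify_file PATH: print "type<TAB>path" for each problem found in PATH.
classify_file() {
    case ${1##*/} in
        .bash_history|.zsh_history|.sh_history)
            printf 'shell-history\t%s\n' "$1" ;;
        authorized_keys)
            printf 'authorized-keys\t%s\n' "$1" ;;
    esac
    # Detect private keys by PEM header, not by name, so renamed copies and
    # backups are caught as well as id_rsa.
    if head -n 1 2>/dev/null < "$1" |
        grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----'; then
        printf 'private-key\t%s\n' "$1"
        # A key readable by group or others is also exposed to local users.
        if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]; then
            printf 'private-key-loose-mode\t%s\n' "$1"
        fi
    fi
}

# audit_ftp_root DIR: classify every regular file under DIR, dotfiles included.
# Paths containing newlines are not handled.
audit_ftp_root() {
    find "$1" -type f | while IFS= read -r f; do
        classify_file "$f"
    done
}

# build_constructed_home DIR: constructed sample tree (layout is an assumption).
build_constructed_home() {
    mkdir -p "$1/.ssh"
    printf '%s\n' 'ssh-keygen -t rsa -b 4096' > "$1/.bash_history"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-NOT-A-KEY' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/.ssh/id_rsa"
    chmod 644 "$1/.ssh/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED ceil@example' > "$1/.ssh/id_rsa.pub"
    cp "$1/.ssh/id_rsa.pub" "$1/.ssh/authorized_keys"
}

# Stand-alone use: audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then audit_ftp_root "$1"; fi
```

Any output line means the FTP root overlaps with data that belongs outside it; an empty result is the expected state for a directory that only holds files meant for transfer.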
