🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- Have you tried other
nmap
scan types? Keyword:Community
- What other URL might allow you to login? Keyword:
Token
- Enumerate the server version. Any CVEs?
- How can you leverage this CVE to get server admin and get a shell?
Privilege Escalation Hint:
- What privileges does your user have?
- Any interesting files that go along with those privileges?
- Have you truly enumerated a way to abuse these privileges? Keyword:
Systemd