Initial Foothold Hint
Thorough enumeration of the public-facing services should lead you to some published security research and CVE with a proof-of-concept available. In most cases, SSH is never the first way into a target.
Privilege Escalation Hint
You need to have a solid post-exploit enumeration strategy. Consider which user you're running as and which files you might have access to. Enumerate everything — processes, services, internal port bindings, interesting files. Think about how information you discover at each phase could be used to access services that weren't previously accessible.
ℹ️
For more hints and assistance, come chat with me and the rest of your peers in the HackTheBox Discord server. Or, you can reach out to me at my other social links in the site footer or site menu.
Nmap Results
# Nmap 7.94SVN scan initiated Wed Sep 11 09:30:05 2024 as: nmap -Pn -p- --min-rate 2000 -sC -sV -oN nmap-scan.txt 10.129.69.116
Nmap scan report for 10.129.69.116
Host is up (0.017s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp
| fingerprint-strings:
| GenericLines:
| 220 ProFTPD Server (sightless.htb FTP Server) [::ffff:10.129.69.116]
| Invalid command: try being more creative
|_ Invalid command: try being more creative
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 c9:6e:3b:8f:c6:03:29:05:e5:a0:ca:00:90:c9:5c:52 (ECDSA)
|_ 256 9b:de:3a:27:77:3b:1b:e1:19:5f:16:11:be:70:e0:56 (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://sightless.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Sep 11 09:31:21 2024 -- 1 IP address (1 host up) scanned in 75.79 seconds
⛔
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.