HackTheBox | Usage

In this walkthrough, I demonstrate how I obtained complete ownership of Usage on HackTheBox
HackTheBox | Usage

Initial Foothold Hint:

  • Look at all of the places on the web site that accept user input
  • What are some common vulnerabilities to test for in input points?
  • What characters make the server angry? And based on these characters, what kind of injection do you think you've found?
  • What tool might help you automate further probing of this input point?

Privilege Escalation Hint:

  • What users are present on the system?
  • The box is named Usage, so something is being "monitored"
  • What service is running on the box that might help with this?
  • Did you find any interesting files pertaining to this service?
  • Is any of the information in this file reused elsewhere?

Nmap Results

# Nmap 7.94SVN scan initiated Mon Apr 15 15:17:08 2024 as: nmap -Pn -p- --min-rate 2000 -sC -sV -oN nmap-scan.txt 10.10.11.18
Nmap scan report for 10.10.11.18
Host is up (0.013s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 a0:f8:fd:d3:04:b8:07:a0:63:dd:37:df:d7:ee:ca:78 (ECDSA)
|_  256 bd:22:f5:28:77:27:fb:65:ba:f6:fd:2f:10:c7:82:8f (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://usage.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Apr 15 15:17:24 2024 -- 1 IP address (1 host up) scanned in 16.01 seconds

In the nmap output for tcp/80, we can see the redirect to http://usage.htb, so let's go ahead and add that to our /etc/hosts file.

echo '10.10.11.18        usage.htb' | sudo tee -a /etc/hosts

This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.

Read the full story

Sign up now to read the full story and get access to all posts for Pending Publication tier only.

Subscribe
Already have an account? Sign in
0xBEN
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.