HackTheBox | Usage
Initial Foothold Hint:
- Look at all of the places on the web site that accept user input
- What are some common vulnerabilities to test for in input points?
- What characters make the server angry? And based on these characters, what kind of injection do you think you've found?
- What tool might help you automate further probing of this input point?
Privilege Escalation Hint:
- What users are present on the system?
- The box is named Usage, so something is being "monitored"
- What service is running on the box that might help with this?
- Did you find any interesting files pertaining to this service?
- Is any of the information in this file reused elsewhere?
Nmap Results
# Nmap 7.94SVN scan initiated Mon Apr 15 15:17:08 2024 as: nmap -Pn -p- --min-rate 2000 -sC -sV -oN nmap-scan.txt 10.10.11.18
Nmap scan report for 10.10.11.18
Host is up (0.013s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 a0:f8:fd:d3:04:b8:07:a0:63:dd:37:df:d7:ee:ca:78 (ECDSA)
|_ 256 bd:22:f5:28:77:27:fb:65:ba:f6:fd:2f:10:c7:82:8f (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://usage.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Apr 15 15:17:24 2024 -- 1 IP address (1 host up) scanned in 16.01 seconds
In the nmap
output for tcp/80
, we can see the redirect to http://usage.htb
, so let's go ahead and add that to our /etc/hosts
file.
echo '10.10.11.18 usage.htb' | sudo tee -a /etc/hosts
⛔
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.