HackTheBox - Irked

zy1FCOZMrZ8/default.jpg

00:39 - Begin on Recon
01:39 - Starting a full nmap scan
04:15 - Discovery of IRC
04:35 - Manually looking at IRC
06:00 - Looking at the IRC to understand how to connect to an IRC Server
07:00 - Pulling the IRC Version and discovering the exploit
08:50 - Going into the history of the IRC Backdoor
09:45 - Manually exploiting the IRC Server
13:10 - Shell returned on the server
14:30 - Discovery of .backup which gives a steg password
16:45 - Logging in with djmardov
21:20 - Discovery of SetUID enabled custom binary, viewuser
23:25 - Using ltrace to see what the binary does, executes the file /tmp/listusers
23:50 - Getting a root shell
25:50 - Testing exploiting the binary with "who", fails due to no setuid
27:50 - Looking at the binary within Ghidra

zy1FCOZMrZ8/default.jpg
HackTheBox - Irked HackTheBox - Irked Reviewed by Unknown on April 27, 2019 Rating: 5