Introduction

Traceback was the first machine I did return back to HackTheBox. Just fresh off my OSCP journey I wanted to do a refresher. I started by running Autorecon:

Copy
Port 80 was open

Port 80 was open

The HTML Source showed:

Copy

Looked up Xh4H and web shell. Logged in with admin/admin

Dashboard of the SMEVK.php shell.

Dashboard of the SMEVK.php shell.

Created myself a Public Key:

Copy

Logged in:

Copy

Note.txt

Copy

Luvit was running sysadmin privs. Executed a Shell –

Copy

Added myself to authorized keys under sysadmin.

Copy

Ran LinPeas:

Snapshot of LinPEAS showing MOTD is being run by group sysadmin

Snapshot of LinPEAS showing MOTD is being run by group sysadmin

Noticed this was the header files when logging into SSH.

Copy

Logged out of SSH and logged back in:

Captured the root flag upon logging back into ssh.

Captured the root flag upon logging back into ssh.

Rooted

Published On: August 6th, 2020 / Categories: HTB, Technology / Tags: , , , /

Leave A Comment