HTB Walkthrough - Devvortex

Information Gathering
Scanned all TCP ports:
#nmap scan
nmap -sV -sC -v -p- -T4 -oN nmap/initial $IP --open
#nmap results
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA)
| 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA)
|_ 256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://devvortex.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Enumeration
TCP Port 80 - HTTP
HTB Walkthrough - Analytics

Information Gathering
Scanned all TCP ports:
#nmap scan
nmap -sV -sC -v -p- -oN nmap/initial $IP --open
#nmap results
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_ 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://analytical.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Enumeration
TCP Port 80 - HTTP
HTB Walkthrough - Poison

Resolution summary
- LFI on main webpage
- Reverse Shell via LFI
- Lateral escalation via weak encrypted password
- Privilege escalation via VNC running as root and password in zip file
- Root obtained and flags captured
PJPT Review
Introduction
As an aspiring cybersecurity professional with just over three years of experience in the field, I recently had the opportunity to take the Practical Junior Penetration Tester (PJPT) exam offered by TCM Security. With no prior formal penetration testing experience, my journey has largely been shaped by platforms like HackTheBox and TryHackMe. In this blog post, I’ll share my thoughts and experiences from the perspective of a novice tackling the PJPT exam after completing the “Practical Ethical Hacking” course.
Hugo Blog Setup
For my first blog post, I’d like to share how I created this blog. My stack utilizes Hugo, AWS S3, AWS CloudFront, AWS Certificate Manager, AWS Route 53, git, and GitHub Actions. While this method isn’t the easiest to configure, once it’s complete it allows you to focus on the whole point of the blog in the first place: writing. If you want an easy method that doesn’t require much technical skill or effort, check this out. However, this technical configuration and setup allows us to have more control over our blog and its security.
Now, let’s get started: