This box is a “Medium” Linux box by HackTheBox. Note that this “Medium” box is probably one of the hardest medium boxes I’ve encountered, or, to quote a great XXI century philosopher:
Babywyrm just created a box that is to medium boxes the equivalent of what Dark Souls is to casual gaming
User flag #
Usual first scans: #
mkdir scans loot shares
nmap -A 10.129.47.206 -vvv -oA scans/first_scan
nmap -A 10.129.47.206 -vvv -p- -oA scans/full_scan
nmap -sU -A 10.129.47.206 --top-ports 100 -vvv -oA scans/first_scan_udp
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 66:f8:9c:58:f4:b8:59:bd:cd:ec:92:24:c3:97:8e:9e (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCNmct03SP9FFs6NQ+Pih2m65SYS/Kte9aGv3C8l43TJGj2UcSrcheEX2jBL/jbje/HRafbJcGqz1bKeQo1cbAc=
| 256 96:31:8a:82:1a:65:9f:0a:a2:6c:ff:4d:44:7c:d3:94 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjor5/gXrTqGEWiETEzhgoni1P2kXV3B4O2/v2SGnH0
80/tcp open http syn-ack ttl 62 nginx 1.28.0
|_http-favicon: Unknown favicon MD5: 000BF649CC8F6BF27CFB04D1BCDCD3C7
|_http-title: GIVING BACK IS WHAT MATTERS MOST – OBVI
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-generator: WordPress 6.8.1
|_http-server-header: nginx/1.28.0
30686/tcp open http syn-ack ttl 63 Golang net/http server
|_http-title: Site doesn't have a title (application/json).
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: 078C07D5669A42740EF813D5300EBA4D
| fingerprint-strings:
Looks like the usual Linux box with a web + SSH combo, but with an extra exotic web port (30686).
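When a box turns up several web ports, it helps to pull the open-port lines out of the normal-output (`.nmap`) file that `-oA` writes and compare them side by side. The script below is an added example, not part of the original writeup: it parses nmap's `PORT STATE SERVICE REASON VERSION` rows (including the `ttl` that `-vvv` adds) and groups ports by observed TTL. The embedded `SAMPLE_NMAP` is a constructed copy of the three open-port lines above so the script runs offline; `KNOWN_REASONS` is a hand-picked subset of nmap's reason strings and is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a copy of the open-port lines (and a few script lines)
# from the scan output above, embedded so this runs without a scans/ directory.
SAMPLE_NMAP = """\
Nmap scan report for 10.129.47.206
PORT      STATE SERVICE REASON         VERSION
22/tcp    open  ssh     syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 66:f8:9c:58:f4:b8:59:bd:cd:ec:92:24:c3:97:8e:9e (ECDSA)
80/tcp    open  http    syn-ack ttl 62 nginx 1.28.0
|_http-server-header: nginx/1.28.0
30686/tcp open  http    syn-ack ttl 63 Golang net/http server
|_http-title: Site doesn't have a title (application/json).
"""

# Subset of nmap's --reason strings (assumption: enough for TCP/UDP port lines).
KNOWN_REASONS = {
    "syn-ack", "ack", "reset", "conn-refused", "udp-response",
    "no-response", "port-unreach", "echo-reply",
}

# "<port>/<proto>  <state>  <service>  [<reason> [ttl <n>]] [<version...>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_port_line(line):
    """Parse one nmap port row into a dict, or return None for non-port lines."""
    m = PORT_LINE.match(line.rstrip())
    if not m:
        return None
    port, proto, state, service, rest = m.groups()
    tokens = (rest or "").split()
    reason = ttl = None
    # The reason column only exists with --reason / -vv; detect it by value
    # so that a plain "22/tcp open ssh OpenSSH ..." row still parses.
    if tokens and tokens[0] in KNOWN_REASONS:
        reason = tokens.pop(0)
        if len(tokens) >= 2 and tokens[0] == "ttl" and tokens[1].isdigit():
            tokens.pop(0)
            ttl = int(tokens.pop(0))
    return {
        "port": int(port), "proto": proto, "state": state, "service": service,
        "reason": reason, "ttl": ttl, "version": " ".join(tokens),
    }


def parse_nmap(text):
    """Return all port rows found in a normal-output (.nmap) file, in order."""
    entries = []
    for line in text.splitlines():
        e = parse_port_line(line)
        if e is not None:
            entries.append(e)
    return entries


def open_ports(entries):
    return [e for e in entries if e["state"] == "open"]


def ttl_groups(entries):
    """Map each observed TTL to the sorted list of ports that reported it."""
    groups = defaultdict(list)
    for e in entries:
        if e["ttl"] is not None:
            groups[e["ttl"]].append(e["port"])
    return {ttl: sorted(ports) for ttl, ports in groups.items()}


def main():
    entries = parse_nmap(SAMPLE_NMAP)
    for e in open_ports(entries):
        print(f"{e['port']:>5}/{e['proto']}  ttl={e['ttl']}  {e['service']:<6} {e['version']}")
    groups = ttl_groups(entries)
    if len(groups) > 1:
        # Different TTLs from one host usually mean some services sit one hop
        # further away (a proxy or container in front of the real listener).
        print("TTL differs across ports:", groups)


if __name__ == "__main__":
    main()
```

Run against a real file with `parse_nmap(open("scans/full_scan.nmap").read())`. On the output above, port 80 answers with TTL 62 while 22 and 30686 answer with 63, which suggests the nginx listener is one hop further away than the SSH and Go services; that is worth remembering when the two web ports start to look like different applications.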
Web recon #
Let’s start by looking at this WordPress: