20 Jul, 2024
Hack The Box: Headless Machine Walkthrough – Easy Difficulty
Easy Machine , , , , , ,
Reading Time: 5 minutes

In this post, I would like to share a walkthrough of the Headless Machine from Hack the Box

This room will be considered an Easy machine on Hack the Box

What will you gain from the Headless machine?

For the user flag, you need to exploit a Cross-Site Scripting (XSS) vulnerability, we will capture the session cookie of the administrator user. This captured cookie will enable us to perform Remote Code Execution (RCE), allowing us to gain access to the target machine.

As for the root flag, you must exploit the syscheck script by creating a malicious file, enabling it to execute with root user permissions.

Information Gathering on Headless Machine

Once we have started the VPN connection which requires a download from Hackthebox, we can start

|_ 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port5000-TCP:V=7.94SVN%I=7%D=7/20%Time=669B6A17%P=x86_64-pc-linux-gnu%r SF:(GetRequest,BE1,"HTTP/1\.1\x20200\x20OK\r\nServer:\x20Werkzeug/2\.2\.2\ SF:x20Python/3\.11\.2\r\nDate:\x20Sat,\x2020\x20Jul\x202024\x2007:33:08\x2 SF:0GMT\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length: SF:\x202799\r\nSet-Cookie:\x20is_admin=InVzZXIi\.uAlmXlTvm8vyihjNaPDWnvB_Z SF:fs;\x20Path=/\r\nConnection:\x20close\r\n\r\n\n\n\n\x20\x20\x20\x20\n\ SF:x20\x20\x20\x20\n\x20\x20\x20\x20Under\x20Construct SF:ion\n\x20\x20\x20\x20