A lot of people did ask me how I rooted any machine in Hack The Box so I will explain and elaborate on how I play HTB machine.
I’m pretty sure that most people will be wondering about the methodology that I use while playing a machine from Hack The Box.
The objective of playing the HTB machine
When playing a machine, you need to gather information from the machine and obtain a reverse shell from the vulnerability that we found.
Next, we can enumerate further on the machine which leads us to escalate the privileges to obtain a root access
For us to fully pwned the machine, we need to submit the user flag and root flag.
Information Gathering on HTB machine
We can start the activity by doing information gathering to obtain any information on the target’s machine as much as possible. The purpose of that activity is to gain information on the target’s machine such as system vulnerabilities and potential attack vectors.
The command that can be used for information gathering is as follows:
nmap -sC -sV <IP Address> -oA intial
Once we have obtained a Nmap result, we can enumerate further the service that we found.
Enumeration of HTTP Service
All HTB machines will have HTTP ports open which normally have a lot of things that we can look into.
Normally, I will run gobuster to enumerate the directory on the website interface. Aside from that, I also can use Burpsuite to play with the requests from the website itself.
We also can enumerate subdomain if there’s vulnerability on the actual website by running gobuster command
Escalate to Root Privileges Access
As for the root privileges access, I will find any useful SUID Binary which will allow us to obtain a root shell at least.
We also can use Linpeas.sh for Linux enumeration and winpeas.sh for windows enumeration so that we can verify the SUID Binary that way and if we are lucky, we might also find any path to exploit the machine for root escalation