A lot of people have asked me how I root machines on Hack The Box, so I will explain and elaborate on how I play an HTB machine.

I’m pretty sure that most people will be wondering about the methodology that I use while playing a machine from Hack The Box.

The objective of playing the HTB machine

When playing a machine, we need to gather information about it and obtain a reverse shell through the vulnerability that we found.

Next, we can enumerate further on the machine, which leads us to escalate privileges and obtain root access.

To fully pwn the machine, we need to submit the user flag and the root flag.

Let’s start!

Information Gathering on HTB machine

We can start the activity with information gathering, to obtain as much information as possible about the target machine. The purpose of that activity is to learn about the target machine, such as system vulnerabilities and potential attack vectors.

The command that can be used for information gathering is as follows:

nmap -sC -sV <IP Address> -oA initial

Once we have the Nmap result, we can further enumerate the services that we found.

Enumeration of HTTP Service

All HTB machines will have HTTP ports open, which normally have a lot of things that we can look into.

Normally, I run gobuster to enumerate the directories on the website. Aside from that, I can also use Burp Suite to play with the requests from the website itself.

We can also enumerate subdomains if there’s a vulnerability on the actual website by running the gobuster command.

Escalate to Root Privileges Access

For root access, I look for any useful SUID binary, which will allow us to obtain a root shell at least.

We can also use Linpeas.sh for Linux enumeration and winpeas.sh for Windows enumeration so that we can verify the SUID binary that way, and if we are lucky, we might also find a path to exploit the machine for root escalation.
