Hack the Box - Traverxec

Machine IP: 10.10.10.165 - Linux
Webserver: Nostromo 1.9.6

Vulnerabilities:
  - CVE-2019-16278 (Nostromo: Path Traversal and Command Execution)

Server:

Nostromo 1.9.6

Port-80 (HTTP)

Home Page

Exploit

Path Traversal and Command Execution

Shell Upgrade

Lateral Movement

Target Enumeration

LinPEAS
LinEnum
Credentials: david:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ/

Crack the Password Hash

▶ hashcat -m 500 -a 3 david.htpasswd /usr/share/wordlists/rockyou.txt

Password:
Did not prove to be uselful.

Further Enumeration

ZIP Contents
Crack id_rsa to get SSH password.

SSH

Privilege Escalation

david@traverxec:~/bin$ /usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service

journalctl is a command-line utility that allows users to view and manipulate logs from the systemd journal. This is a central logging system that collects and stores logs from various system components, such as kernel messages, system services, and applications.

!/bin/bash

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

traverxec.md

traverxec.md

Hack the Box - Traverxec

Server:

Port-80 (HTTP)

Exploit

Path Traversal and Command Execution

Shell Upgrade

Lateral Movement

Target Enumeration

Crack the Password Hash

Further Enumeration

SSH

Privilege Escalation

Files

traverxec.md

Latest commit

History

traverxec.md

File metadata and controls

Hack the Box - Traverxec

Server:

Port-80 (HTTP)

Exploit

Path Traversal and Command Execution

Shell Upgrade

Lateral Movement

Target Enumeration

Crack the Password Hash

Further Enumeration

SSH

Privilege Escalation