Hack the Box Access: Walkthrough

Today we are going to solve another CTF challenge “Access”. It is a retired vulnerable lab presented by Hack the Box for helping pentester’s to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level.

Level: Easy

Task: To find user.txt and root.txt file

Note: Since these labs are online available therefore they have a static IP. The IP of Access is 10.10.10.98.

Penetrating Methodologies:

  • Network scanning (nmap).
  • Logging in FTP using Anonymous Login.
  • Using strings to read contents of the .mdb file.
  • Unzipping Zip file using 7z.
  • Using readpst to read the contents of the .pst file.
  • Finding Login Credentials
  • Logging into Telnet.
  • Finding the first flag user.txt
  • Using web delivery module to create PowerShell code.
  • Getting Meterpreter.
  • Using exploit suggester of Metasploit.
  • Getting Root Access.
  • Changing the Administrator password using net user.
  • Reading Our Final flag root.txt

Walkthrough

Let’s start off with scanning the network to find our target.

The first thing that got our attention is that we have anonymous access to the ftp server. Let’s login and see what we find.

After successfully logging into FTP server, we have enumerated directories from where we have downloaded two files Access Control.zip and backup.mdb. They might come in handy later on.

When we tried to unzip the zip file found out that it was password protected. So we tried to open the backup.mdb file and found a password to the zip file.

Once we have obtained the password for the Access Control.zip. Time to unzip it. After unzipping we saw its a .pst which is a Microsoft Exchange Format for mailboxes. Using readpst it converted the file into the .mbox format.

Let’s read the contents of the Access Control.mbox.

After reading the contents, we saw that user credentials that surely going to help us to move ahead.

Let’s login into telnet using our new credentials. After enumerating through directories, we have found our first flag.

Let’s create a shellcode generated via the web delivery module of Metasploit.

Now we will execute the PowerShell code generated via the web delivery module.

We have successfully got the meterpreter. Moving forward.

After that, we have used exploit suggester which has given us all the possible exploits for the operating system of the Victims system.

Using the exploit ms16_014_wmirecv_notif of Metasploit.

oh yeah! We have got the root access.

Now we changed the password for Administrator because we can use it to login via telnet.

Here we successfully logged in via Telnet and found our final flag.

Author: Ashray Gupta is a Security Researcher and Technical Writer at Hacking Articles. Contributing his 2 years in the field of security as a Penetration Tester and Forensic Computer Analyst. Contact Here

1 Comment Hack the Box Access: Walkthrough

Leave a Reply

Your email address will not be published. Required fields are marked *