HTB Retired Machine: Devel
HTBRetired Machines

Retired Machine: Devel Walkthrough

Posted on

Step 1: Enumeration

  1. Connect to the Machine: Connect to the HackTheBox VPN and obtain the IP address of the Devel machine.
  2. Port Scanning: Conduct an initial Nmap scan to identify open ports and services. Use the following command:
   nmap -sC -sV -oN scan.txt <IP>

This command performs default script scanning (-sC), version detection (-sV), and saves the output to a file (-oN scan.txt).

  1. Service Enumeration: Analyze the Nmap results to identify the running services and their versions. Pay attention to ports 21 (FTP) and 80 (HTTP).

Step 2: Exploitation

  1. FTP Enumeration: Since port 21 is open, start by enumerating the FTP service. Use tools like nmap or ftp:
   nmap --script ftp-anon,ftp-bounce,ftp-brute -p 21 <IP>

This command will attempt to identify anonymous login and potential vulnerabilities.

  1. Web Enumeration: Explore the web server running on port 80. Use a web browser or tools like dirb or gobuster to enumerate directories and files.
   dirb http://<IP>
  1. Exploit Research: Search for known vulnerabilities associated with the FTP or web server versions. Look for exploits related to IIS on Windows systems.
  2. Exploit with Metasploit: If applicable, use Metasploit to exploit vulnerabilities. For example, you might use the exploit/windows/iis/iis_webdav_upload_asp module.

Step 3: Post-Exploitation

  1. Shell Access: After successful exploitation, obtain a shell on the system. If not achieved through the initial exploit, try alternative payloads or manual exploitation techniques.
  2. Enumeration: Enumerate the system for valuable information. Check for sensitive files, credentials, or configuration files that may lead to further exploitation.

Step 4: Privilege Escalation

  1. Privilege Escalation: Enumerate the system for privilege escalation opportunities. Look for misconfigured permissions, outdated software versions, or vulnerable services.
  2. Exploit Weaknesses: Common privilege escalation methods include checking for writable files, misconfigured services, or DLL hijacking opportunities.

Step 5: Capture the Flag

  1. Retrieve the Flags: Locate the flag files (user.txt and root.txt). These files are typically located in directories accessible to the current user and root, respectively.
  2. Submit Flags: Submit the flags on the HackTheBox website to mark the machine as “owned” and earn points.

Conclusion

The Devel machine offers a chance to practice enumeration, vulnerability exploitation, and privilege escalation techniques commonly encountered in real-world scenarios. By following this detailed walkthrough and experimenting with different approaches, you’ll enhance your skills and become more proficient in penetration testing and cybersecurity. Remember to document your steps, share your findings with the community, and continue exploring new challenges on HackTheBox to further your knowledge and expertise.