PermX is an easy rated Linux machine from week 12 of HackTheBox season 5 “Anomalies”. In this walkthrough, I will demonstrate how I was able to obtain root access to this machine. This box was a standard easy rated box with a privilege escalation vector that required a bit of thinking.

Rustscan and Nmap

First rustscan is run to quickly get a list of open ports. The -g flag is used in this case so that the output is provided as a list that can be easily passed to nmap.

rustscan -g -a 10.129.162.181 -ulimit 5000

[22,80]

We can then take these ports and pass them to an nmap scan.

nmap -p 22,80 -sC -sV -oA Nmap/rustports 10.129.252.127

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 e2:5c:5d:8c:47:3e:d8:72:f7:b4:80:03:49:86:6d:ef (ECDSA)
|_  256 1f:41:02:8e:6b:17:18:9c:a0:ac:54:23:e9:71:30:17 (ED25519)
80/tcp open  http    Apache httpd 2.4.52
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-title: Did not follow redirect to http://permx.htb
Service Info: Host: 127.0.1.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel

We see a standard set up for an easy rated machine.

HTB Content Publishing Policy

The HackTheBox publishing policy does not permit the posting of writeups for boxes that are currently active. When this box is retired the rest of this post will be added.