HackTheBox - Planning Writeup

2025-05-12

This is an easy-rated Linux machine. This writeup will demonstrate how I was able to obtain root access. At the time of writing, this is an ACTIVE machine. Once the machine is retired, the rest of the content of this writeup will be published.

Scanning

First, we use rustscan to get a quick overview of the ports that are open on the machine.

rustscan -g -a 10.129.99.115 --ulimit 5000

In the output of rustscan we see that port 22 and port 80 are detected.

10.129.99.115 -> [22,80]

We will take the ports we found using rustscan and pass them to nmap. The -oA flag writes the scan output to files (in nmap's normal, XML and grepable formats) for later reference.

nmap -p 22,80 -sC -sV -oA Nmap/rustports 10.129.99.115

In the output of the scan, we can see an SSH service and an HTTP service running.

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 62:ff:f6:d4:57:88:05:ad:f4:d3:de:5b:9b:f8:50:f1 (ECDSA)
|_  256 4c:ce:7d:5c:fb:2d:a0:9e:9f:bd:f5:5c:5e:61:50:8a (ED25519)
80/tcp open  http    nginx 1.24.0 (Ubuntu)
|_http-title: Did not follow redirect to http://planning.htb/
|_http-server-header: nginx/1.24.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

In the nmap output we can see that port 80 redirects to http://planning.htb/. Since that name does not resolve on its own, we add it to the /etc/hosts file so that we can access the site.

echo -e '10.129.99.115\tplanning.htb' | sudo tee -a /etc/hosts
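The hand-off from rustscan to nmap described above can be scripted instead of copying the port list by hand. The following is an added example, not part of the original writeup; the function names ports_from_greppable and nmap_command are hypothetical, and it assumes the greppable line format shown in the rustscan output above. It only prints the nmap command and validates every port before building it.

```shell
#!/bin/sh
# Added example: turn a rustscan greppable (-g) line such as
#   10.129.99.115 -> [22,80]
# into the comma-separated list that nmap -p expects.

# ports_from_greppable HOST  (reads rustscan -g output on stdin)
# Prints the port list for HOST. Returns 1 if HOST is not present or the
# bracketed list holds anything other than port numbers in 1-65535.
ports_from_greppable() {
    awk -v host="$1" '
        $1 == host && $2 == "->" {
            list = $3
            gsub(/\[|\]/, "", list)            # strip the surrounding brackets
            n = split(list, p, ",")
            if (n == 0) exit 1                 # empty list: nothing to scan
            out = ""
            for (i = 1; i <= n; i++) {
                # Reject anything that is not a plain port number, so stray
                # text never ends up inside a command line.
                if (p[i] !~ /^[0-9]+$/ || p[i] < 1 || p[i] > 65535) exit 1
                out = out (i > 1 ? "," : "") p[i]
            }
            print out
            found = 1
            exit 0
        }
        END { if (!found) exit 1 }
    '
}

# nmap_command HOST  (reads rustscan -g output on stdin)
# Prints the nmap invocation used in this writeup; it does not run nmap.
nmap_command() {
    target=$1
    ports=$(ports_from_greppable "$target") || return 1
    printf 'nmap -p %s -sC -sV -oA Nmap/rustports %s\n' "$ports" "$target"
}

# Demo using the rustscan line shown earlier in this writeup.
printf '10.129.99.115 -> [22,80]\n' | nmap_command 10.129.99.115
```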

HackTheBox Publishing Policy

This machine is currently ACTIVE on HackTheBox. The rest of the content of this writeup is not being shared until the machine is retired. This is in line with the publishing guidelines from HackTheBox.