For this machine, using gobuster
command exposed the credentials to access the open FTP port which led to finding out about the vulnerable MySQL database that allows foreign server to import arbitrary data exposing credentials. i.e. you could implement a local database and table giving full privilege and connect it to the vulnerable MYSQL database.
For root, a script was found to execute as root using sudo
command. Upon reviewing the script code, the Python Library Hijacking technique was then attempted to escalate privilege to get root.
Nmap
gobuster
gunzip
and tar -xvf
mysql -h localhost -u <username> -p
sudo -l
nc
Nmap TCP Output
************* PORT 80 HTTP *******************************************
The** /admin-dir** directory was found within the robots.txt file.
Looks like the /admin-dir has something juicy.
#vulnerability #pentesting #hackthebox #htb #database