Welcome to my second article here on Medium. Today we will be looking at Bastion from HackTheBox. This is a rather realistic box in my opinion and it was a lot of fun. This article will be similar to my first article, because I will provide some more information on the box and why it is vulnerable. However, the following articles will not give as much information on the different tools that I will be using. You can look this up in my first article of the series. You can find cheat sheets and helpful information on the tools that Kali has to offer. This will save some time. So let’s get right into it:
Before we start, a few words about my setup:
Today we will be looking at Bastion from HackTheBox, so get your VPN up and running.
First, let’s start with enumeration in order to gain as much information about the machine as possible. The first step is using nmap. My methodology with nmap looks like this:
nmap -A -oA nmap 10.10.10.134
This scan setup runs very fast and shows important results. We can look at our scan with this command:
Nmap port scan
There are some interesting findings to be written down in Cherry Tree, which would also be documented in a pentest report:
I would take a closer look at SMB. Sometimes there is anonymous access on SMB; however, there is almost always some kind of authentication on OpenSSH.
The name of the computer seems very suspicious. If you do not know: a bastion is part of a fortification, e.g. a castle. Its main purpose is to protect the castle against attackers. This technique is also being used in IT. A bastion host is a computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
There is a really good article on this topic by Henrik Sylvester Pedersen in which he explains that there really isn’t a necessity for a bastion host.
My goal is to document my journey on achieving the OSCP Certification. This Medium blog is not the place where you can find a quick writeup for a box.