Introduction
In this post, let’s see how to solve the Bizness box from HTB. All the best to my fellow competitors competing in open beta 4.
If you have any doubt, please comment down below 👇🏾
Hacking Phases in Bizness HTB
- Information Gathering
- Directory Enumeration
- Vulnerability Analysis
- Exploitation
- Privilege Escalation
Let’s Begin
Hey you ❤️ Please check out my other posts, you will be amazed. Support me by following on YouTube: https://www.youtube.com/@techyrick-/videos
Let’s Hack Bizness HTB 😌
Information Gathering
How about we begin by running a Rustscan to check which ports are currently being used?
rustscan -a <IP> --ulimit 5000

We’ve identified two ports, one for HTTP and the other for HTTPS. If we visit the target machine’s IP address, we’ll notice a redirect to https://bizness.htb. Let’s add that hostname to our /etc/hosts file. After that, the following page loads.

After delving deeper, there doesn’t seem to be anything noteworthy or actionable.
It might be a good idea to search for a subdomain or directory that we currently don’t have access to.
Directory Enumeration
I used dirsearch and uncovered the following 👇🏾
dirsearch -u <url>

This turned up a login page at https://bizness.htb/control/login. Visiting it shows that the page is running Apache OFBiz, the service we need to exploit.

Vulnerability Analysis
We’ve identified the running service and could search for a CVE to exploit it. When I searched for “Apache OFBiz CVE” on Google, CVEdetails.com provided us with the following relevant information:

CVE-2023-51467 enables Remote Code Execution (RCE). I discovered a Git repository that allows us to test if our target is vulnerable to this exploit.
It turns out that it’s vulnerable.

Exploitation
I discovered a repository that enables us to exploit this vulnerability. 👇🏾
Here’s a detailed description of how it operates [Click Here]
Let’s utilize it in this manner:

Our netcat listener successfully granted us access to the target.

Here is the user’s flag:

Privilege Escalation
We need to explore further to find a file containing valuable information.

We’ve discovered the password, but we still need the SALT part to crack it.

We got it!
To crack it, I suggest using the following Python script that I found on this page:

Here are the results I obtained

Use “su” to elevate privileges using the found password, then use “cat root.txt” to display the contents of the root flag.
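A salt alone did not protect the stored password here: a single-round salted hash is cheap to guess against once the record and its salt are readable. As an added example (not from the original post and not OFBiz code), this sketches migrate-on-login from such a record to PBKDF2; the `$SHA$<salt>$<digest>` layout, the salt-then-password order, the `$PBKDF2-SHA256$` label and all sample values are assumptions.

```python
import base64, hashlib, hmac, os

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Assumed legacy layout: $SHA$<salt>$<url-safe base64 of SHA-1(salt + password)>
def legacy_hash(password: str, salt: str) -> str:
    digest = hashlib.sha1((salt + password).encode()).digest()
    return f"$SHA${salt}${_b64(digest)}"

def legacy_verify(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "SHA":
        return False
    candidate = legacy_hash(password, parts[2])
    return hmac.compare_digest(candidate.encode(), stored.encode())

# Hardened layout (hypothetical label): $PBKDF2-SHA256$<iterations>$<salt>$<key>
def strong_hash(password: str, iterations: int = 600_000) -> str:
    salt = os.urandom(16)  # random per-record salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"$PBKDF2-SHA256${iterations}${_b64(salt)}${_b64(key)}"

def strong_verify(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 5 or parts[1] != "PBKDF2-SHA256":
        return False
    try:
        iterations, salt, want = int(parts[2]), _unb64(parts[3]), _unb64(parts[4])
    except ValueError:  # malformed number or base64
        return False
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(got, want)

def login(password: str, stored: str):
    """Return (authenticated, record_to_store); legacy records are rehashed on success."""
    if stored.startswith("$PBKDF2-SHA256$"):
        return strong_verify(password, stored), stored
    if legacy_verify(password, stored):
        return True, strong_hash(password)  # upgrade while the plaintext is in hand
    return False, stored

if __name__ == "__main__":
    old = legacy_hash("constructed-sample-pw", "d")  # constructed sample, not from the box
    ok, new = login("constructed-sample-pw", old)
    print(ok, old, "->", new.split("$")[1])
```

Accounts that never log in again keep their legacy record, so a migration like this is normally paired with a forced reset for stale accounts.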

Conclusion
This is one of the easiest boxes on Hack The Box. My rating is a solid 2.5 out of 10, and I hope you learned something new. ❤️
See you in the next post ❤️🎉
This text is worth everyone’s attention. How can I find out more?
Excellent post. Keep writing such kind of information on your page.
I’m really impressed by your site.
Hi there, You have done a fantastic job. I’ll definitely digg it and personally recommend to my friends. I am sure they will be benefited from this web site.
Hello to every single one, it’s in fact a nice for me to visit this web site, it consists of helpful Information.