In this post, let’s see how to solve the Bizness box from HTB. All the best to my fellow competitors competing in open beta 4.
If you have any doubts, please comment below 👇🏾
Hacking Phases in Bizness HTB
- Information Gathering
- Directory Enumeration
- Vulnerability Analysis
- Privilege Escalation
Hey you ❤️ Please check out my other posts. You will be amazed! Support me by following on YouTube.
Let’s Hack Bizness HTB 😌
How about we begin by running a Rustscan to check which ports are currently being used?
rustscan -a <IP> --ulimit 5000
We’ve identified two ports, one for HTTP and the other for HTTPS services. If we visit our machine’s IP address, we’ll notice a redirect to https://bizness.htb. Let’s add that to our /etc/hosts file. Afterward, we’ll discover the next page.
After delving deeper, there doesn’t seem to be anything noteworthy or actionable.
It might be a good idea to search for a subdomain or directory that we currently don’t have access to.
I used dirsearch and uncovered the following 👇🏾
dirsearch -u <url>
This reveals a login page at https://bizness.htb/control/login. Visiting it shows that the page is running Apache OFBiz, the service we need to exploit.
We’ve identified the running service and could search for a CVE to exploit it. When I searched for “Apache OFBiz CVE” on Google, CVEdetails.com provided us with the following relevant information:
CVE-2023-51467 enables Remote Code Execution (RCE). I discovered a Git repository that allows us to test if our target is vulnerable to this exploit.
It turns out that it’s vulnerable.
I discovered a repository that enables us to exploit this vulnerability. 👇🏾
Here’s a detailed description of how it operates [Click Here]
Let’s utilize it in this manner:
Our netcat listener successfully granted us access to the target.
Here is the user’s flag:
We need to explore further to find a file containing valuable information.
We’ve discovered the password, but we still need the SALT part to crack it.
We got it!
To crack it, I suggest using the following Python script that I found on this page:
Here are the results I obtained
Use “su” to elevate privileges using the found password, then use “cat root.txt” to display the contents of the root flag.
This is one of the easiest boxes on Hack The Box. My rating is a solid 2.5 out of 10, and I hope you learned something new. ❤️
See you in the next post ❤️🎉