Bizness HacktheBox Writeup | HTB

Introduction

In this post, let’s walk through solving the Bizness box from HTB. All the best to my fellow competitors competing in open beta 4.

If you have any doubts, please comment below 👇🏾

Hacking Phases in Bizness HTB

  • Information Gathering
  • Directory Enumeration
  • Vulnerability Analysis
  • Exploitation
  • Privilege Escalation

Let’s Begin

Hey you ❤️ Please check out my other posts, you will be amazed, and support me by following on YouTube.

Let’s Hack Bizness HTB 😌

https://www.youtube.com/@techyrick-/videos

Information Gathering

How about we begin by running a Rustscan to check which ports are currently being used?

rustscan -a <IP> --ulimit 5000

We’ve identified two ports, one for HTTP and the other for HTTPS. If we visit the target machine’s IP address, we’ll notice a redirect to https://bizness.htb. Let’s add that hostname to our /etc/hosts file. Afterward, the site loads and we reach the next page.

After delving deeper, there doesn’t seem to be anything noteworthy or actionable.

It might be a good idea to search for a subdomain or directory that we currently don’t have access to.

Directory Enumeration

I used dirsearch and uncovered the following 👇🏾

dirsearch -u <url>

This revealed a login page at https://bizness.htb/control/login. Visiting it shows that the page runs Apache OFBiz, the service we need to exploit.

Vulnerability Analysis

We’ve identified the running service and can now search for a CVE that affects it. When I searched for “Apache OFBiz CVE” on Google, CVEdetails.com provided the following relevant information:

CVE-2023-51467 enables Remote Code Execution (RCE). I discovered a Git repository that allows us to test if our target is vulnerable to this exploit.

It turns out that it’s vulnerable.

Exploitation

I discovered a repository that enables us to exploit this vulnerability. 👇🏾

[Click Here]

Here’s a detailed description of how it operates [Click Here]

Let’s utilize it in this manner:

Our netcat listener successfully granted us access to the target.

Here is the user flag:

Privilege Escalation

We need to explore further to find a file containing valuable information.

We’ve discovered the password hash, but we still need the salt to crack it.

We got it!

To crack it, I suggest using the following Python script that I found on this page:

Here are the results I obtained

Use “su” to elevate privileges using the found password, then use “cat root.txt” to display the contents of the root flag.
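
The salted-hash step above, as an added example that is not part of the original post or the script it refers to: a Python audit that parses a stored credential string, shows that the salt travels with the digest, and flags a single-round SHA-1 hash whose password is on a weak-password denylist. It assumes the `$SHA$<salt>$<digest>` layout that Apache OFBiz's HashCrypt writes (the post does not show the hash itself); the function names, salt and passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_hash(password, salt):
    """Build a constructed sample in the assumed $SHA$<salt>$<digest> layout."""
    raw = hashlib.sha1(salt.encode() + password.encode()).digest()
    return "$SHA$" + salt + "$" + base64.urlsafe_b64encode(raw).decode().rstrip("=")

def parse_hash(stored):
    """Split '$TYPE$salt$digest' into (type, salt, raw digest bytes)."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] or not parts[1]:
        raise ValueError("not a $TYPE$salt$digest string")
    _, algo, salt, b64 = parts
    # URL-safe base64 without padding: restore '=' before decoding.
    return algo, salt, base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def matches(candidate, salt, digest):
    """Recompute SHA-1(salt || candidate); without the salt no guess can match."""
    computed = hashlib.sha1(salt.encode() + candidate.encode()).digest()
    return hmac.compare_digest(computed, digest)

def audit(stored, denylist):
    """Report whether a stored hash is a fast legacy type and denylisted."""
    algo, salt, digest = parse_hash(stored)
    fast = algo == "SHA"  # one SHA-1 round: cheap to test guesses offline
    weak = fast and any(matches(word, salt, digest) for word in denylist)
    return {"algorithm": algo, "salt": salt, "fast_hash": fast, "weak_password": weak}

# Constructed sample data, not values from the box.
DENYLIST = ["password", "letmein", "sunshine1"]
WEAK = make_hash("sunshine1", "x9")
STRONG = make_hash("kestrel-amber-quarry-41-violin", "x9")

if __name__ == "__main__":
    for stored in (WEAK, STRONG):
        print(stored, audit(stored, DENYLIST))
```

A `fast_hash` finding is the one to fix first: a slow, iterated scheme such as PBKDF2 makes each offline guess far more expensive.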

Conclusion

This is one of the easiest boxes on Hack The Box. My rating is a solid 2.5 out of 10, and I hope you learned something new. ❤️

See you in the next post ❤️🎉

