HackTheBox Writeup — Traverxec

Information Gathering

After a basic port scan I’ve found ports 22 and 80 open which suggest that
we are dealing with a web application.

Getting User

Found a Metasploit Module related to that vulnerability and used it for
exploitation.

david:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ/

Getting Root

The first thing was to check the user’s home directory and something
catchy smiled at me, it was a bash script containing a command that was
executed using sudo.

/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service | /usr/bin/cat
/usr/bin/sudo $(less) /usr/bin/journalctl -n5 -unostromo.service

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store