HackTheBox Writeup — Hawk

NMAP Results

FTP Login (Anonymous)

Web Service (Port 80)

Exploting Drupal

User Flag

Privelege Escalation

>>>import os

>>>os.system(“/bin/bash”)

python3 exploit.py -H 127.0.0.1:8082

Root Flag

Vulnerabilities Used To Solve This Box

  • Anonymous FTP Login which leaks an OpenSSL file containing password for Admin Login on Drupal
  • RCE on Drupal by enabling PHP Filter and posting PHP Codes
  • User Password on Drupal Config File which leads to SSH Connection to the user Daniel
  • Vulnerable H2 Database which leads to RCE as Root

References

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Faisal Husaini

Faisal Husaini

668 Followers

Hacker | Red Teamer | Python Coder | Gamer | Reverse Engineering Lover