Box Info
  • Name:BoardLight
  • OS: Linux
  • Difficulty: Easy
  • IP: 10.10.11.11
BoardLight box image

Setup

mkdir -p ~/ctf/HackTheBox/boardlight/scans; cd ~/ctf/HackTheBox/boardlight IP Address: 10.10.11.11

echo "10.10.11.11 boardlight.htb" | sudo tee -a /etc/hosts 10.10.11.11 boardlight.htb

Enumeration

nmap -sC -sV -Pn -p- boardlight.htb -oN scans/nmap -vv nmap -sC -sV -p- -T5 --min-rate 2500 -oN scans/nmap_2 boardlight.htb d911ed57aa529e692a9b0285f131216f.png

boardlight.htb didnt have any directory or subdomain so found this on home page : board.htb

08f1bd4dbdf75820fcca97c443eb06dc.png

76e1952c31a82acd698b53ee35a2b806.png

Homepage: 43edaa7963024616cbda1f4eb734a86c.png

Version was mentioned found a cve and exploit CVE-2023-30253

using hit and trial admin:admin worked

got reverse shell 5fababf7e0c9ecd886fad188a1c599a6.png b3a33e325de81cdf1e075579b6049593.png

using find . -name conf* 7deb34c7ec3cfe17c2bd10a5350dc253.png

after logging in larissa account and running linpeas we found c97ba3c7c0203bf8ca7b1ca3af7f7ec2.png

quick google search returned a cve CVE-2022-37706 running this script in machine gave us root c9944044a84f44e5fa7a6a50bb2d0c4a.png

user flag

Location: /home/larissa | Flag: ad4c##################################

after logging in larissa account and running linpeas we found c97ba3c7c0203bf8ca7b1ca3af7f7ec2.png quick google search returned a cve CVE-2022-37706

running this script in machine gave us root c9944044a84f44e5fa7a6a50bb2d0c4a.png

root flag

Location: /root | Flag: a87##################################