Password Attacks Lab - Medium
ℹ️ Informations¶
- 🌐 Website: HackTheBox
- 📚 Module: Password Attacks
- 🔗 Link: Password Attacks Lab - Medium
❓Question¶
Examine the second target and submit the contents of flag.txt in /root/ as the answer.
📋 Walkthrough¶
- Port Scan: Running a port scan on the target reveals open ports and services. The target is likely running Linux with SSH and Samba services.
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
139/tcp open netbios-ssn Samba smbd 4
445/tcp open netbios-ssn Samba smbd 4
-
Brute Force SMB Login:
Using Hydra to brute force SMB login credentials. The target does not support SMBv1. -
List SMB Shares:
Listing available SMB shares on the target. -
Access SMB Share:
Accessing theSHAREDRIVEshare and downloadingDocs.zip. -
Extract and Crack Zip File:
ExtractingDocs.ziprequires a password. Using John the Ripper to crack the zip file password.
-
Crack Document Password:
Cracking the password for┌──(kali㉿kali)-[~/Desktop/HTB/Academy] └─$ office2john Documentation.docx > hash ┌──(kali㉿kali)-[~/Desktop/HTB/Academy] └─$ john -w=mut.txt hashDocumentation.docxusing John the Ripper. -
SSH to Target:
Using the credentials found in the document to SSH into the target as userjason. -
Check for Open Ports:
Checking for open ports on the target to find a MySQL database running locally. -
Access MySQL Database:
Logging into the MySQL database and retrieving credentials from thecredstable. -
Switch User to
Using the credentials found in the database to switch to userdennis:dennis. -
Retrieve SSH Key:
Retrieving the SSH private key fordennisand cracking its passphrase using John the Ripper. -
SSH as Root:
Using the cracked SSH key to SSH into the target as root and retrieve the flag.
Answer
HTB{**********}