Chemistry Walkthrough – HackTheBox

In this article, the author details the exploitation of an easy Linux machine, which begins with gaining a foothold through a CVE vulnerability and escalates to root access via another exploit. The author notes the machine’s slow performance and encourages patience during the tests. The walkthrough covers reconnaissance, exploitation of vulnerabilities in the Pymatgen library and the Python aiohttp framework, and obtaining root access. Affected: Linux Machines, Software Development, Cybersecurity

Keypoints :

  • Initial foothold gained by exploiting CVE-2024-23346 in the Pymatgen library.
  • A CIF file uploader was present on port 5000, allowing for file uploads and potential code execution.
  • A reverse shell payload was used to gain access once the CIF file was parsed.
  • User `rosa` was accessed after cracking an MD5 hash from the `app` user’s database.
  • SSH tunneling was utilized to exploit a service running on port 8888, revealing a dashboard on port 4000.
  • A directory traversal attack using the aiohttp vulnerability, CVE-2024-23334, was used to access restricted files.
  • Root access was obtained by retrieving the `id_rsa` file from the root directory, allowing SSH login as root.
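
Seen from the defender's side, the path traversal keypoint comes down to one missing check in a static file handler: whether the fully resolved path still sits under the static root. The sketch below is an added example, not code from the walkthrough or from aiohttp; the function name `resolve_static`, the directory layout and the request paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_static(root: Path, request_path: str) -> Optional[Path]:
    """Map a request path to a file under root, or None if it escapes root."""
    root = root.resolve()
    # Decode percent-encoding first so "%2e%2e" is judged as "..".
    rel = unquote(request_path).lstrip("/")
    if "\x00" in rel:
        return None
    # resolve() collapses ".." and follows symlinks, so the containment test
    # runs on the path the OS would actually open.
    candidate = (root / rel).resolve()
    if not candidate.is_relative_to(root):
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Run constructed request paths against a throwaway static root."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        static = base / "static"
        static.mkdir()
        (static / "app.css").write_text("body{}")
        (base / "secret.txt").write_text("outside the static root")
        # A symlink inside the root that points outside it.
        os.symlink(base / "secret.txt", static / "link.txt")
        requests = [
            "/app.css",
            "/../secret.txt",
            "/%2e%2e/secret.txt",
            "/link.txt",
            "/missing.css",
        ]
        return {r: resolve_static(static, r) is not None for r in requests}


if __name__ == "__main__":
    for path, served in demo().items():
        print(f"{path:22} -> {'served' if served else 'rejected'}")
```

Only `/app.css` is served; the dot-dot, percent-encoded and symlink requests all resolve outside the root and are rejected before any file is opened.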

MITRE Techniques :

  • T1203 – Exploitation for Client Execution: The CVE-2024-23346 vulnerability was exploited to execute arbitrary code by uploading a malicious CIF file.
  • T1090 – Connection Proxy: An SSH tunnel was used to proxy the connection, allowing access to the service running on port 8888.
  • T1210 – Exploitation of Remote Services: The CVE-2024-23334 vulnerability was exploited for a path traversal attack to access sensitive files.
  • T1071 – Application Layer Protocol: A reverse shell was established using HTTP(S) to communicate with the attacker’s machine.

Full Story: https://infosecwriteups.com/chemistry-walkthrough-hackthebox-36ef34fe0462?source=rss----7b722bfd1b8d---4