HTB Valentine Write-up

Abstract

The box teaches us how to detect and exploit “Heartbleed”, a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing information that is, under normal conditions, protected by the SSL/TLS encryption used to secure the Internet. More on that on this site. We find a weird-looking hex string which is actually the id_rsa private key. After converting it to ASCII and giving it the necessary permissions, we try to log in as user “hype” but get a password prompt for the private key. Exploiting the Heartbleed vulnerability gives us the password for id_rsa, and we log in successfully. After logging in, we see that root is running a tmux process on a specific binary. Simply exploiting that SUID vulnerability gives us root.
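The hex-to-key conversion step described above, as an added example (not code from the original write-up): it decodes a hex dump back to PEM, reports whether the key is passphrase-protected (the reason ssh prompts for a password), and writes it with owner-only permissions. The sample input is a constructed fake PEM, not the box's key, and all function names are illustrative; the check also goes beyond the box's case by recognising PKCS#8 and OpenSSH-format keys.

```python
import base64
import os
import struct
import tempfile
import textwrap

# Constructed sample: a fake PEM (not a real key, not the box's key), hex-encoded
# with spaces and line breaks to resemble a dumped hex string.
FAKE_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q09OU1RSVUNURUQgU0FNUExFLCBOT1QgQSBLRVk=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_HEX = textwrap.fill(FAKE_PEM.encode().hex(" "), 48)

def decode_hex_dump(text):
    """Turn a whitespace-separated hex dump back into the PEM bytes it encodes."""
    data = bytes.fromhex(text)  # skips ASCII whitespace, ValueError on non-hex
    if not data.startswith(b"-----BEGIN "):
        raise ValueError("decoded bytes are not a PEM block")
    return data

def key_is_encrypted(pem):
    """True if the private key needs a passphrase before it can be used."""
    lines = pem.decode("ascii").splitlines()
    if "ENCRYPTED PRIVATE KEY" in lines[0]:  # PKCS#8 encrypted container
        return True
    if "OPENSSH PRIVATE KEY" in lines[0]:  # cipher name is inside the blob
        body = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\0"
        if not body.startswith(magic):
            raise ValueError("bad OpenSSH key magic")
        (n,) = struct.unpack_from(">I", body, len(magic))
        return body[len(magic) + 4:len(magic) + 4 + n] != b"none"
    return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)  # legacy PEM

def write_private_key(pem, path):
    """Create the key file owner-only (0600); ssh rejects keys others can read."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(pem)

if __name__ == "__main__":
    pem = decode_hex_dump(SAMPLE_HEX)
    out = os.path.join(tempfile.mkdtemp(), "id_rsa")
    write_private_key(pem, out)
    print(out, "encrypted:", key_is_encrypted(pem))
```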

Enumeration

As always, we start with an nmap scan.

Exploitation

Log in via SSH:

Escalation

First, let's look for SUID binaries:

Conclusion

According to TJ Null, this was an OSCP-type box, which is actually perfect for learning and trying out different things without getting into too many technical difficulties.
