✍️
CTF / Challenges / Boxes
  • ✍️CTF / Challenges / Boxes
    • 💬About me
  • TryHackMe
    • TryHackMe
      • Easy
        • Anonforce
        • Bounty Hacker
        • Brooklyn Nine Nine
        • Coldbox
        • Dav
        • Gaming Server
        • Ignite
        • Lazy Admin
        • Lian_Yu
        • Library
        • Plotted-TMS v3
        • Root Me
        • Simple CTF
        • Startup
        • Thompson
        • Wgel CTF
        • ToolsRus
        • Road
      • Medium
        • 0day
        • Anonymous
        • Haskell
        • Relevant
        • Mr Robot CTF
        • Road
  • HACK THE BOX
    • Hack the Box
      • Easy
        • Beep
        • Mirai
        • Keeper
        • Sau
        • Blue
        • Cap
        • Knife
        • Bashed
        • Nibbles
        • Cozy Hosting
        • Validation
        • Legacy
        • Antique
        • Pilgrimage
        • Wifinetic
        • ScriptKiddie
        • Explore
        • Horizontall
        • Blocky
        • Bank
        • Blunder
  • LetsDefend
    • LetsDefend
      • PRACTICE WITH SOC ALERTS
        • SOC146
        • SOC140
        • SOC114
        • SOC120
        • SOC141
        • SOC165
        • SOC168
        • SOC167
        • SOC169
        • SOC170
        • SOC104_ID14
      • CHALLANGES
        • Malicious Doc
        • Malicious VBA
Powered by GitBook
On this page
  1. HACK THE BOX
  2. Hack the Box
  3. Easy

Antique

Last updated 1 year ago

  1. Enumeration machine.

We found JetDirect on port 23 so we can check more info by using netcat.

The "-v" flag specifies that we would like verbose output (more detailed). The "-n" option specifies that we do not wish to use DNS or service lookups on any addresses, hostnames or ports.

  1. Searching vulnerability for HP JetDirect (printer).

Execution:

Copying result to the CyberChef.

  1. Log in to telnet by using found credentials.

We can execute system commands.

Testing:

  1. Reverse shell to our machine.

Starting listener and executing above command.

We are inside, so we can get a first flag:

  1. Uploading linpeas and interesting results:

Uploading nmap to victim machine.

source:

Results:

Checking architecture.

Source to download Chisel.

We have to install Chisel on our machine and victim system.

  1. Starting Chisel server on our machine.

Starting Chisel on victim system.

  1. Checking the previously found port.

We can find exploit for CUPS 1.6.1.

  1. Downloading exploit to our kali and uploading to victim system.

Running exploit:

I was trying to crack hash from /etc/shadow but no success.. so I read the root flag:

Port Forwarding – Chisel:

Session is open

or:

👏
🎉
🎉
👏
https://juggernaut-sec.com/port-forwarding-lpe/
https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py