Aliens HTB

Aliens HTB Write-Up: A Comprehensive Guide

The “Aliens” machine on Hack The Box (HTB) is a medium-difficulty challenge that tests a wide range of penetration testing skills. This guide will take you through each step to successfully exploit this machine, from initial reconnaissance to gaining root access. Whether you’re new to HTB or looking to refine your skills, this write-up will provide a detailed walkthrough of the Aliens box.

Introduction to the Aliens HTB Machine

What is Hack The Box?

Hack The Box is an online platform that allows users to practice their penetration testing skills in a legal and controlled environment. It features various machines, each with its own unique challenges.

Overview of the Aliens Machine

Aliens is classified as a medium-difficulty machine on HTB. The challenge involves a combination of web exploitation, file inclusion vulnerabilities, and privilege escalation techniques.

Initial Reconnaissance

Scanning the Target

The first step in any penetration test is to perform a thorough scan of the target machine. We’ll use tools like Nmap to identify open ports, services, and potential entry points.

Command:

nmap -sC -sV -oN aliens.nmap 10.10.10.150

Analyzing Nmap Results

The Nmap scan reveals several open ports and services. Key services to note are:

  • Port 22: OpenSSH 7.6p1
  • Port 80: Apache HTTP Server 2.4.29

Web Server Enumeration

With port 80 open, our next step is to explore the web server. Tools like Gobuster can be used to discover hidden directories and files.

Command:

gobuster dir -u http://10.10.10.150 -w /usr/share/wordlists/dirb/common.txt

Exploiting the Web Application

Identifying Vulnerabilities

Upon browsing the web server, we discover a website with an interesting file upload functionality. This could be a potential entry point if it’s not properly secured.

File Upload Exploitation

After some testing, we find that the file upload feature is vulnerable to Local File Inclusion (LFI). This vulnerability allows us to include files on the server through the “upload” functionality.

Exploiting LFI to Gain Initial Access

By exploiting the LFI vulnerability, we can include sensitive files such as /etc/passwd, potentially giving us valuable information about the system.

Command:

http://10.10.10.150/upload.php?file=../../../../../../etc/passwd
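
From the defender's side, a request like the one above is easy to spot in the web server's access log. The following is an added example, not part of the original write-up: it scans Apache combined-format log lines for traversal or sensitive absolute paths in query parameters such as upload.php's file parameter. The log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache combined-format access log lines (not captured from the target).
SAMPLE_LOG = """\
10.10.14.7 - - [12/Mar/2024:10:01:02 +0000] "GET /upload.php?file=report.pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.10.14.7 - - [12/Mar/2024:10:01:09 +0000] "GET /upload.php?file=../../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.5.0"
10.10.14.7 - - [12/Mar/2024:10:01:15 +0000] "GET /upload.php?file=..%252f..%252f..%252fetc%252fshadow HTTP/1.1" 200 0 "-" "curl/8.5.0"
10.10.14.9 - - [12/Mar/2024:10:02:40 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.10.14.7 - - [12/Mar/2024:10:03:00 +0000] "GET /upload.php?file=/etc/hostname HTTP/1.1" 404 196 "-" "curl/8.5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/log/")

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (%252f -> %2f -> /), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return a reason string if a parameter value looks like file-inclusion abuse."""
    v = fully_decode(value).replace("\\", "/")
    if "../" in v or v.endswith("/.."):
        return "directory traversal"
    if v.startswith(SENSITIVE_PREFIXES):
        return "absolute path to sensitive location"
    if "\x00" in v:
        return "null byte"
    return None

def find_lfi_attempts(log_text):
    """Return (client_ip, status, value, reason) for each suspicious query parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        # parse_qsl already decodes one layer; classify() removes any further layers.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            reason = classify(value)
            if reason:
                hits.append((ip, int(status), value, reason))
    return hits
```

A hit with status 200 and a non-trivial response size deserves priority, since it suggests the file was actually returned.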

Gaining a Foothold

Uploading a Reverse Shell

Once we’ve confirmed the LFI, the next step is to gain a foothold on the system. We can upload a PHP reverse shell and trigger it through the vulnerable upload feature.

Establishing a Connection

With the reverse shell uploaded, we establish a connection back to our machine using Netcat.

Command:

nc -lvnp 4444

Gaining Initial Access

When the reverse shell is executed, we gain access to the web server with limited user privileges. Now, it’s time to escalate our privileges to gain full control.

Privilege Escalation

Enumerating the System

Once inside, it’s essential to enumerate the system for potential privilege escalation vectors. Common files and directories to check include:

  • /etc/passwd
  • /etc/shadow
  • SUID binaries

Exploiting SUID Binaries

Upon further inspection, we discover a SUID binary that can be exploited to escalate privileges. By carefully crafting our exploit, we can execute commands as the root user.

Root Access

After executing the exploit, we gain root access to the machine. With this level of access, we have complete control over the system.

Command:

cat /root/root.txt

Conclusion

Summary of Steps

The Aliens machine on HTB is a well-rounded challenge that requires a solid understanding of web exploitation, LFI, and privilege escalation. By following the steps outlined in this guide, you should be able to successfully root the machine.

Final Thoughts

While Aliens is classified as medium difficulty, it offers a great learning experience for both new and experienced penetration testers. Each step in the exploitation process reinforces key concepts that are vital in the field of cybersecurity.
