Aliens HTB Write-Up: A Comprehensive Guide
The “Aliens” machine on Hack The Box (HTB) is a medium-difficulty challenge that tests a wide range of penetration testing skills. This guide will take you through each step to successfully exploit this machine, from initial reconnaissance to gaining root access. Whether you’re new to HTB or looking to refine your skills, this write-up will provide a detailed walkthrough of the Aliens box.
Introduction to the Aliens HTB Machine
What is Hack The Box?
Hack The Box is an online platform that allows users to practice their penetration testing skills in a legal and controlled environment. It features various machines, each with its own unique challenges.
Overview of the Aliens Machine
Aliens is classified as a medium-difficulty machine on HTB. The challenge involves a combination of web exploitation, file inclusion vulnerabilities, and privilege escalation techniques.
Initial Reconnaissance
Scanning the Target
The first step in any penetration test is to perform a thorough scan of the target machine. We’ll use tools like Nmap to identify open ports, services, and potential entry points.
Command:
nmap -sC -sV -oN aliens.nmap 10.10.10.150
Analyzing Nmap Results
The Nmap scan reveals several open ports and services. Key services to note are:
- Port 22: OpenSSH 7.6p1
- Port 80: Apache HTTP Server 2.4.29
Web Server Enumeration
With port 80 open, our next step is to explore the web server. Tools like Gobuster can be used to discover hidden directories and files.
Command:
gobuster dir -u http://10.10.10.150 -w /usr/share/wordlists/dirb/common.txt
Exploiting the Web Application
Identifying Vulnerabilities
Upon browsing the web server, we discover a website with an interesting file upload functionality. This could be a potential entry point if it’s not properly secured.
File Upload Exploitation
After some testing, we find that the file upload feature is vulnerable to Local File Inclusion (LFI). This vulnerability lets us make the application include files from the server through the file parameter of upload.php.
Exploiting LFI to Gain Initial Access
By exploiting the LFI vulnerability, we can include sensitive files such as /etc/passwd, potentially giving us valuable information about the system.
Request URL:
http://10.10.10.150/upload.php?file=../../../../../../etc/passwd
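From the defender's side, requests like the one above are visible in the web server's access log. The following added example (not part of the original write-up) scans Apache-format log lines for query parameters that contain a ".." path segment, including percent-encoded and double-encoded forms; the log lines and client addresses are constructed samples, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_params(target):
    """Return names of query parameters whose decoded value has a '..' path segment."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # Split on both separators so '..\\' is caught as well as '../'.
        segments = re.split(r'[\\/]', fully_decode(value))
        if '..' in segments:
            hits.append(name)
    return hits

def scan(lines):
    """Yield (client, target, status, params) for each request carrying traversal."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target, status, _size = m.groups()
        params = traversal_params(target)
        if params:
            yield client, target, int(status), params

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.23 - - [12/Mar/2024:10:01:02 +0000] "GET /upload.php?file=../../../../../../etc/passwd HTTP/1.1" 200 1542 "-" "curl/8.0"',
    '198.51.100.23 - - [12/Mar/2024:10:01:09 +0000] "GET /upload.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1542',
    '192.0.2.10 - - [12/Mar/2024:10:02:00 +0000] "GET /upload.php?file=report..final.pdf HTTP/1.1" 200 88211',
    '192.0.2.10 - - [12/Mar/2024:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, target, status, params in scan(SAMPLE):
        print(f"{client} status={status} params={params} target={target}")
```

A flagged request that returned status 200 deserves attention before one that returned 4xx, because the application served a response for the traversal path.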
Gaining a Foothold
Uploading a Reverse Shell
Once we’ve confirmed the LFI, the next step is to gain a foothold on the system. We can upload a PHP reverse shell and trigger it through the vulnerable upload feature.
Establishing a Connection
With the reverse shell uploaded, we start a Netcat listener on our machine to receive the connection back.
Command:
nc -lvnp 4444
Gaining Initial Access
When the reverse shell is executed, we gain access to the web server with limited user privileges. Now, it’s time to escalate our privileges to gain full control.
Privilege Escalation
Enumerating the System
Once inside, it’s essential to enumerate the system for potential privilege escalation vectors. Common files and directories to check include:
- /etc/passwd
- /etc/shadow
- SUID binaries
Exploiting SUID Binaries
Upon further inspection, we discover a SUID binary that can be exploited to escalate privileges. By carefully crafting our exploit, we can execute commands as the root user.
Root Access
After executing the exploit, we gain root access to the machine. With this level of access, we have complete control over the system.
Command:
cat /root/root.txt
Conclusion
Summary of Steps
The Aliens machine on HTB is a well-rounded challenge that requires a solid understanding of web exploitation, LFI, and privilege escalation. By following the steps outlined in this guide, you should be able to successfully root the machine.
Final Thoughts
While Aliens is classified as medium difficulty, it offers a great learning experience for both new and experienced penetration testers. Each step in the exploitation process reinforces key concepts that are vital in the field of cybersecurity.