
BoardLight Hack the Box Walkthrough

Welcome to another Hack The Box walkthrough. In this blog post, I demonstrate how I owned the BoardLight machine on Hack The Box. Hack The Box is a cybersecurity platform that helps you bridge knowledge gaps and prepares you for cybersecurity jobs. If you are new to this blog, please don’t forget to like, comment, and subscribe to my YouTube channel and follow me on LinkedIn for more HTB walkthroughs and cybersecurity-related content.


About the Machine

The BoardLight machine is an introductory-level challenge on Hack The Box (HTB). It is an easy-level Linux machine that features a Dolibarr instance vulnerable to CVE-2023-30253. This vulnerability is leveraged to gain access as www-data. After enumerating and dumping the web configuration file contents, plaintext credentials lead to SSH access to the machine. Enumerating the system, a `SUID` binary related to `enlightenment` is identified, which is vulnerable to privilege escalation via CVE-2022-37706 and can be abused to obtain a root shell.

This BoardLight walkthrough covers enumeration, vulnerability exploitation, and privilege escalation techniques. The machine is considered very easy to root.

BoardLight Hack the Box Walkthrough

The first step in solving this machine is to connect the Kali Linux machine to the Hack The Box server. To do this, I logged into my HTB account and clicked “connect to HTB”. I chose EU as my server and clicked the “Download VPN” button. This downloaded a file with the .ovpn extension.

Once the .ovpn file had been downloaded, I created a folder named “BoardlightHTB” on my desktop and moved the file into it. I then opened the directory in my terminal by right-clicking and choosing the option “Open in terminal”. Once the terminal was open, I typed the following commands to establish a connection between my Kali Linux terminal and the Hack The Box server.
