Welcome to another Hack The Box exercise. Today, we will try and pwn the PermX machine on Hack The Box. If you are new to this blog, please do not forget to like, comment and subscribe to my YouTube channel and follow me on LinkedIn for more updates.
About the machine
PermX is an "easy" difficulty Linux machine on HackTheBox (HTB) that involves concepts such as RCE in an LMS, credential hunting, and exploiting a misconfigured script. The machine's write-ups detail the exploitation of a Chamilo LMS web application to gain root access. PermX is a Linux machine featuring a learning management system vulnerable to unrestricted file uploads via [CVE-2023-4220](https://nvd.nist.gov/vuln/detail/CVE-2023-4220). This vulnerability is leveraged to gain a foothold on the machine. Enumerating the machine reveals credentials that lead to SSH access. A `sudo` misconfiguration is then exploited to gain a `root` shell.
The first step in pwning this machine is to connect the Kali Linux machine with the Hack The Box server. To do this, I logged in to my HTB account and clicked “Connect to HTB.” I chose the EU server and clicked on the “Download VPN” button.
Once the download had completed (.ovpn file), I moved it into the new folder I had just created on my desktop called “PermxHTB”. Once the file had been moved/copied, I opened the directory in my terminal by right-clicking and choosing the option “Open in terminal.” Once my terminal had opened, I typed the following commands to establish a connection between my Kali Linux terminal and the Hack The Box server: