Welcome to another Hack the Box Walkthrough. Today, we are going to try and pwn the Sea machine on Hack The Box. Hack The Box is a cybersecurity platform that helps you bridge knowledge gaps and prepares you for cyber security jobs. You can also test and grow your penetration testing skills, from gathering information to reporting. If you are new to this blog, please do not forget to like, comment and subscribe to my YouTube channel (https://www.youtube.com/@BoltechTechnologies1) and follow me on LinkedIn (https://www.linkedin.com/in/isiaq-ibrahim-468588156/) for more updates.
About the Machine
The Sea machine on Hack The Box (HTB) is an easy-difficulty challenge. Initial access was gained by exploiting a vulnerability, such as CVE-2023–41425, to obtain a reverse shell. Another approach involved exploiting WonderCMS, cracking a password hash, and then escalating privileges. Sea is an easy difficulty Linux machine that features CVE-2023-41425 in WonderCMS, a cross-site scripting (XSS) vulnerability that can be used to upload a malicious module, allowing access to the system. The privilege escalation features extracting and cracking a password from WonderCMS's database file, then exploiting a command injection in custom-built system monitoring software, giving root access.
This writeup detailed how I pwned the Sea machine on Hack the Box. The first step in solving this machine is to connect the Kali Linux terminal with the Hack the Box server. To do this, I logged in to my Hack the Box account and click the “connect to HTB” button. I chose EU servers and click on the “Download VPN” button.
Once the lab access file has been downloaded, I renamed it to sea.ovpn and moved it into a new folder I have created on my desktop called “SeaHTB”. Once the file had been moved, I opened the directory in my terminal by right-clicking and chose the option “Open in terminal." Once my terminal had been opened, I typed the following commands to establish a connection between my Kali Linux terminal and hack the box server:
0 Comments