
HTB Linux Easy: Blocky

Blocky is an Easy-rated Linux machine on HTB.


Nmap


Add the blocky.htb domain name to the hosts file.

Initial Foothold

Enumerate HTTP (port 80)

Perform directory busting using Dirsearch.

In the plugins directory we find 2 jar files. We can check the content of these files by decompiling them.

Credentials were found in the BlockyCore.jar file: root:8YsqfCTnvxAUeduzjNSXe22
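The finding above is a hard-coded secret shipped inside a jar that the web server hands out. As an added example (not part of the original post), the following audit reads each class file's constant pool and reports string literals from classes that contain credential-like identifiers, so a plugin jar can be checked before it is published. The class path, field name, literal and the name-hint regex are constructed assumptions.

```python
import io, re, struct, zipfile

# Payload size per constant-pool tag (JVM spec); Utf8 (tag 1) is variable.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
SUSPECT = re.compile(r"pass|pwd|secret|token|apikey", re.I)  # assumed name hints

def string_literals(class_bytes):
    """Parse a .class constant pool; return (identifier names, string literals)."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    utf8, refs, pos, idx = {}, set(), 10, 1
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length + bytes
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            utf8[idx] = class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        elif tag in CP_SIZES:
            if tag == 8:  # CONSTANT_String: index of the Utf8 holding the literal
                refs.add(struct.unpack_from(">H", class_bytes, pos)[0])
            pos += CP_SIZES[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long/double take two slots
    names = [s for i, s in utf8.items() if i not in refs]
    return names, [utf8[i] for i in sorted(refs)]

def audit_jar(jar_bytes):
    """Map class path -> literals, for classes with credential-like identifiers."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for path in jar.namelist():
            if path.endswith(".class"):
                names, literals = string_literals(jar.read(path))
                if literals and any(SUSPECT.search(n) for n in names):
                    findings[path] = literals
    return findings

def sample_jar(field="dbPassword", literal="EXAMPLE-not-a-real-password"):
    """Constructed input: a jar whose one class holds a field name and a literal."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s for s in (field.encode(), literal.encode()))
    cls = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 4) + pool + b"\x08\x00\x02"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Core.class", cls)
    return buf.getvalue()
```

Calling `audit_jar(sample_jar())` flags the constructed class; any literal it reports from a real build belongs in configuration or a secrets store, and the exposed value should be rotated.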

Use WPScan to enumerate users, since the root login doesn’t work. This returns the user notch.

Shell

SSH as notch using the password found in the jar file: notch:8YsqfCTnvxAUeduzjNSXe22.

Priv Esc

Notch is part of the sudoers group, which gives us an easy Priv Esc vector.

User.txt


Root.txt


You have PWNED



This post is licensed under CC BY 4.0 by the author.