Post

HTB Linux Easy: Broker

Broker is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Broker

Nmap

Pasted image 20240715102424.png Pasted image 20240715102420.png Pasted image 20240715102415.png Pasted image 20240715102411.png

Initial Foothold

Enumerate HTTP (Port 61616)

ActiveMQ is running on port 61616. The version is 5.15.15, as disclosed by Nmap. We can use a Python PoC to gain shell access to the machine (modify poc.xml) Pasted image 20240715102402.png

Priv Esc

Sudo -l output. Pasted image 20240715102357.png

The Zimbra Nginx local root exploit PoC script can be used to escalate to root: Pasted image 20240715102352.png

User.txt

Pasted image 20240715102347.png

Root.txt

Pasted image 20240715102342.png

You have PWNED

Pasted image 20240715102338.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.