Post

HTB Linux Easy: Codify

Codify is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Codify

Nmap

Pasted image 20240715101620.png

Initial Foothold

The website redirects to codify.htb, add this domain to the hosts file: Pasted image 20240715101615.png

Enumerating HTTP (Port 80)

The about page mentions the usage of the vm2 library which is vulnerable to RCE. Pasted image 20240715101608.png

Gain shell

Gain a reverse shell from the PoC RCE payload. Pasted image 20240715101602.png

Shell as the svc user: Pasted image 20240715101558.png

Lateral movement

In /var/www/contact we find a tickets.db file with a username and password hash. Pasted image 20240715101554.png

This password can be cracked using JohnTheRipper. Pasted image 20240715101550.png

Become the Joshua user joshua:spongebob1. Pasted image 20240715101546.png

Priv Esc

Sudo -l output. Pasted image 20240715101542.png

Script accepts wildcards (input *). Pasted image 20240715101537.png

Create a Python script to bruteforce the password login using the wildcard. Pasted image 20240715101531.png

The script should output the password: kljh12k3jhaskjh12kjh3 Pasted image 20240715101527.png

Change to root using the retrieved password. Pasted image 20240715101521.png

User.txt

Pasted image 20240715101518.png

Root.txt

Pasted image 20240715101513.png

You have PWNED

Pasted image 20240715101509.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.