HTB - Chemistry | (Difficulty Easy) - Linux

Writeup of the easy-difficulty machine Chemistry from https://hackthebox.eu

Useful Skills

  • Web enumeration
  • Abusing Pymatgen <2024.2.20 Arbitrary Code Execution (CVE-2024-23346)
  • Information leakage (database.db)
  • Abusing LFI in Aiohttp <= 3.9.1 (CVE-2024-23334)

Enumeration

TCP Scan

rustscan -a 10.10.11.38 --ulimit 5000 -g
10.10.11.38 -> [22,5000]

nmap -p22,5000 -sCV 10.10.11.38 -oN tcpScan
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-02 14:11 CET
Nmap scan report for 10.10.11.38 (10.10.11.38)
Host is up (0.034s latency).

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 b6:fc:20:ae:9d:1d:45:1d:0b:ce:d9:d0:20:f2:6f:dc (RSA)
|   256 f1:ae:1c:3e:1d:ea:55:44:6c:2f:f2:56:8d:62:3c:2b (ECDSA)
|_  256 94:42:1b:78:f2:51:87:07:3e:97:26:c9:a2:5c:0a:26 (ED25519)
5000/tcp open  http    Werkzeug httpd 3.0.3 (Python 3.9.5)
|_http-server-header: Werkzeug/3.0.3 Python/3.9.5
|_http-title: Chemistry - Home
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.87 seconds

UDP Scan

nmap -sU --top-ports 1500 --min-rate 5000 -n -Pn 10.10.11.38 -oN udpScan
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-02 14:12 CET
Nmap scan report for 10.10.11.38
Host is up (0.035s latency).
Not shown: 1495 open|filtered udp ports (no-response)
PORT      STATE  SERVICE
7/udp     closed echo
69/udp    closed tftp
16402/udp closed unknown
31134/udp closed unknown
36108/udp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.87 seconds

This machine is still active on HackTheBox. Once it is retired, this article will be published for public access, in accordance with HackTheBox's policy on publishing content from its platform.

This post is licensed under CC BY 4.0 by the author.