The other day, a friend asked if I was on HacktheBox and I was reminded that I'd been absent for a while.  Apparently, they are cranking out a new box every week which could be good or bad -- I'm not really sure.  While looking for something to write, I thought I'd take on one of their retired boxes and that would solve two "needs" simultaneously.  

This box was interesting mostly because of the hunt for the exploit to gain a foothold on the system.  From there, it was trial and error as to which technique would work for a particular task.  After that, root was easy.

First, we kick off with Nmap:

The description states:  "The machine was part of my workshop for Hacker Fest 2019 at Prague.  Difficulty level of this VM is very “very easy”. There are two paths for exploit it."

In the eye of the beholder and such but yes, very easy.  I saw the description and I thought this might be a good machine to check out for my weekend group.  One person has already rooted it and all I did was mention it so we're off to a good start.

Anyway, we kick off with Nmap:

In a previous post, I wrote about how to get a reverse shell on Drupal 7 (and possibly earlier).  I'm currently working on a project involving Drupal and I'm also teaching a class this weekend -- I thought... why not pair the two together.  I figured if I built something for the class with Drupal, that would lend a hand with my project.  Familiarity and such.  I "thought" I was going to recycle my knowledge from the previous post but it turns out in Drupal 8, they removed the filter function which allows you to insert PHP into the posts.  After some reading, it turns out their reasoning was due to the fact that hackers can exploit this functionality.