Telegram

Смотри на t.me/kiberdruzhinnik/513.

Разведка

Начнем решение машины со сканирования портов. Я воспользуюсь rustscan:

$ rustscan -a 10.129.27.77 -- -sCTV -Pn
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Scanning ports: The virtual equivalent of knocking on doors.

[~] The config file is expected to be at "/home/rustscan/.rustscan.toml"
[~] File limit higher than batch size. Can increase speed by increasing batch size '-b 1048476'.
Open 10.129.27.77:80
Open 10.129.27.77:22
[~] Starting Script(s)
[>] Running script "nmap -vvv -p {{port}} {{ip}} -sCTV -Pn" on ip 10.129.27.77
Depending on the complexity of the script, results may take some time to appear.
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
[~] Starting Nmap 7.94 ( https://nmap.org ) at 2024-10-13 07:13 UTC
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 07:13
Completed Parallel DNS resolution of 1 host. at 07:13, 2.35s elapsed
DNS resolution of 1 IPs took 2.35s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 07:13
Scanning 10.129.27.77 [2 ports]
Discovered open port 22/tcp on 10.129.27.77
Discovered open port 80/tcp on 10.129.27.77
Completed Connect Scan at 07:13, 0.45s elapsed (2 total ports)
Initiating Service scan at 07:13
Scanning 2 services on 10.129.27.77
Completed Service scan at 07:13, 6.67s elapsed (2 services on 1 host)
NSE: Script scanning 10.129.27.77.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 9.34s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 1.54s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
Nmap scan report for 10.129.27.77
Host is up, received user-set (0.33s latency).
Scanned at 2024-10-13 07:13:10 UTC for 18s

PORT   STATE SERVICE REASON  VERSION
22/tcp open  ssh     syn-ack OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 31:83:eb:9f:15:f8:40:a5:04:9c:cb:3f:f6:ec:49:76 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMM6fK04LJ4jNNL950Ft7YHPO9NKONYVCbau/+tQKoy3u7J9d8xw2sJaajQGLqTvyWMolbN3fKzp7t/s/ZMiZNo=
|   256 6f:66:03:47:0e:8a:e0:03:97:67:5b:41:cf:e2:c7:c7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+zjgyGvnf4lMAlvdgVHlwHd+/U4NcThn1bx5/4DZYY
80/tcp open  http    syn-ack Apache httpd 2.4.58
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://instant.htb/
|_http-server-header: Apache/2.4.58 (Ubuntu)
Service Info: Host: instant.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 07:13
Completed NSE at 07:13, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.88 seconds

Мы обнаружили стандартные для HackTheBox порты: SSH и HTTP. Давайте занесем найденное доменное имя в /etc/hosts:

$ sudo nano /etc/hosts
10.129.27.77 instant.htb

Доступ ограничен правилами HackTheBox

В открытом доступе можно публиковать решение задачи после после ее ухода на пенсию.

Непубличное решение задачи ищите в телеграм-канале.