HackTheBox Bastard walkthrough

Starting with nmap.

Scan all ports with masscan.

Doing another scan on the open ports using default scripts.

Port 80 reveals a Drupal website.

hackthebox – bastard – Drupal

Looking at CHANGELOG.txt, the site is running Drupal version 7.54. With a simple Google search, we found another exploit here.
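The same check can be run from the defender's side, to see what an unauthenticated visitor learns from the file. This is an added example, not part of the original walkthrough; the sample changelog text is constructed, and the function names and the `(7, 55)` patch floor are assumptions made for the demo.

```python
import re

# Release headings in Drupal's CHANGELOG.txt look like "Drupal 7.54, 2017-02-01".
# Development placeholders ("Drupal 7.xx, xxxx-xx-xx") do not match and are skipped.
HEADING = re.compile(r"^Drupal (\d+)\.(\d+)(?:\.(\d+))?, \d{4}-\d{2}-\d{2}",
                     re.MULTILINE)

# Constructed sample input, not fetched from any real site.
SAMPLE_CHANGELOG = """\
Drupal 7.xx, xxxx-xx-xx (development version)
-----------------------

Drupal 7.54, 2017-02-01
-----------------------
- (constructed entry text)

Drupal 7.53, 2016-12-07
-----------------------
- (constructed entry text)
"""


def disclosed_version(changelog_text):
    """Return the newest release listed in the changelog as a tuple, or None."""
    versions = [tuple(int(p) for p in m.groups() if p is not None)
                for m in HEADING.finditer(changelog_text)]
    return max(versions) if versions else None


def audit(changelog_text, minimum):
    """Summarise what a reader of a publicly served CHANGELOG.txt learns."""
    found = disclosed_version(changelog_text)
    if found is None:
        return {"version": None, "discloses_version": False,
                "below_minimum": None}
    return {"version": ".".join(map(str, found)),
            "discloses_version": True,
            "below_minimum": found < tuple(minimum)}


if __name__ == "__main__":
    # (7, 55) is a hypothetical patch floor chosen for this demo.
    print(audit(SAMPLE_CHANGELOG, minimum=(7, 55)))
```

If the audit reports a disclosed version, blocking web access to CHANGELOG.txt removes the easy fingerprint, but patching is what removes the exposure.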

Oops!! Let me try that again.

Sweet! I am iusr. What can I do?? Let’s grab system information.

We got OS information. Hmm, useful, save it as a systeminfo.txt file. Anyway, let’s work to grab a shell. Create an exe file using msfvenom.

Set up a Python server…

…and listen on port 4444 for the shell.

Run the following command.

In above command, is my IP address.

Hopefully you will get a shell too.

Use windows-exploit-suggester against the systeminfo.txt that we saved before.

For some reason, I was not able to execute the exe if I got it from the shell, so I used a Python script to download the executable and ran it. For this box, I used MS19-059 as before. I got it from here. Remember, it is good practice to compile your own binary. This may not be the intended way, but I did it this way. Feel free to mention alternative ways (other than the ippsec walkthrough).

Listen for the shell on port 443.

Run the script.

Now, you can read the flags.
