VALENTINE
- Layout for this exercise:

1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Valentine, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu
2 - ENUMERATION
- Valentine's IP is 10.10.10.79:

- Scanning with Nmap:


- Connecting with the browser to port 80, the image is very reminiscent of the Heartbleed vulnerability logo:

- Same thing with HTTPS at port 443:

- There is a lot of information available about the Heartbleed vulnerability:
http://heartbleed.com/
https://en.wikipedia.org/wiki/Heartbleed
- The Nmap script confirms the Heartbleed vulnerability:
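- The root cause the scan is reporting is a missing bounds check on the TLS heartbeat message (RFC 6520). The Python below is an added illustration, not part of this walkthrough, of the Nmap script, or of OpenSSL itself: a heartbeat parser that applies the check the fix introduced (claimed payload plus minimum padding must fit in the bytes actually received), so a message whose length field is inflated beyond what arrived is dropped instead of being answered with extra memory. The sample messages are constructed inline.

```python
import struct

# TLS heartbeat message body (RFC 6520):
#   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16


class HeartbeatError(ValueError):
    """Raised for a heartbeat message that must be dropped silently."""


def parse_heartbeat(record: bytes) -> dict:
    """Parse one heartbeat message body, enforcing the RFC 6520 length rule.

    The Heartbleed bug was trusting payload_length as sent by the peer and
    copying that many bytes into the response, so a short message claiming a
    large payload was answered with whatever followed it in process memory.
    The check below is the one the fix added: the claimed payload plus the
    minimum padding must fit inside the bytes that actually arrived.
    """
    if len(record) < 3:
        raise HeartbeatError("record too short for a heartbeat header")
    hb_type = record[0]
    (payload_length,) = struct.unpack("!H", record[1:3])
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise HeartbeatError(f"unknown heartbeat type {hb_type}")
    if 3 + payload_length + MIN_PADDING > len(record):
        raise HeartbeatError(
            f"payload_length {payload_length} does not fit in a "
            f"{len(record)}-byte record"
        )
    payload = record[3:3 + payload_length]
    return {"type": hb_type, "payload_length": payload_length, "payload": payload}


def build_heartbeat(hb_type: int, payload: bytes, padding: int = MIN_PADDING) -> bytes:
    """Encode a heartbeat message whose length field matches its payload."""
    return bytes([hb_type]) + struct.pack("!H", len(payload)) + payload + b"\x00" * padding


def build_response(request: bytes) -> bytes:
    """Answer a validated request by echoing exactly its payload, nothing more."""
    msg = parse_heartbeat(request)
    return build_heartbeat(HEARTBEAT_RESPONSE, msg["payload"])


def accepts(record: bytes) -> bool:
    """True if the validator would answer this record, False if it drops it."""
    try:
        parse_heartbeat(record)
        return True
    except HeartbeatError:
        return False


# Constructed samples: a consistent 4-byte heartbeat, and the same message
# with its length field inflated far beyond what was actually sent.
GOOD = build_heartbeat(HEARTBEAT_REQUEST, b"ping")
INFLATED = (
    bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 0x4000) + b"ping" + b"\x00" * MIN_PADDING
)

if __name__ == "__main__":
    print("consistent message accepted:", accepts(GOOD))
    print("inflated length accepted:", accepts(INFLATED))
```

- For a real host the remediation is simply an OpenSSL build that contains this check (1.0.1g or later), followed by reissuing any certificate whose private key was held by the vulnerable process; the parser above only shows why that single comparison is the whole difference.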

- Dirbusting Valentine's web server:

- Checking folder /encode:

- Checking folder /decode:

- Going to /dev:

- Reading notes.txt:

- Reading hype_key:

- Copying hype_key locally:

- Because hype_key is written as hexadecimal numbers, let's decode it:

- It seems that we are dealing with an RSA private key. Copying it locally:

3 - EXPLOITATION
- Looking for an exploit related to the Heartbleed vulnerability:


- Copying the Python script 32764.py to the working folder:

- Now, launching the script against Valentine's IP:


- The answer includes a reference to a string encoded with Base64:


- Decoding the string we get a plain text string: heartbleedbelievethehype

- Going back to the encrypted key, let's see whether openssl helps to decrypt it by providing the string heartbleedbelievethehype as the password:

- The new decrypted ssh_key:
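- Two steps above belong together: decoding the hex dump of hype_key, and recognising that what comes out is a passphrase-protected legacy PEM (which is why openssl asks for a password). The Python below is an added example, not part of this walkthrough or of any tool it uses: it turns a hex dump back into bytes and reports the PEM label, whether the legacy Proc-Type/DEK-Info headers mark the key as encrypted, and which cipher the header names. The sample key is a constructed placeholder with no real key material; the real hype_key's headers are not reproduced here.

```python
import binascii
import re

# Legacy (OpenSSL "traditional") PEM: BEGIN/END lines around optional
# "Header: value" lines, a blank line, then base64.  The backreference
# requires the END label to match the BEGIN label.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def decode_hex_text(text: str) -> bytes:
    """Decode contiguous or whitespace-separated hex digits into bytes.

    Any non-hex character is dropped, so a dump split across lines or spaced
    in pairs decodes the same way; an odd digit count is a corrupt dump.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    return binascii.unhexlify(digits)


def inspect_pem(data: bytes) -> dict:
    """Describe the first PEM block in `data` without parsing the key itself."""
    m = PEM_RE.search(data)
    if not m:
        return {"is_pem": False}
    label = m.group(1).decode()
    headers = {}
    for line in m.group(2).splitlines():
        if b":" not in line:      # base64 body lines never contain ':'
            continue
        key, value = line.split(b":", 1)
        headers[key.strip().decode()] = value.strip().decode()
    dek_info = headers.get("DEK-Info", "")
    return {
        "is_pem": True,
        "label": label,
        "is_private": "PRIVATE KEY" in label,
        # Proc-Type: 4,ENCRYPTED marks a passphrase-protected legacy PEM.
        "encrypted": headers.get("Proc-Type", "").endswith("ENCRYPTED"),
        "cipher": dek_info.split(",")[0] if dek_info else None,
    }


def inspect_hex_key(text: str) -> dict:
    """Decode a hex dump and inspect the PEM it contains."""
    return inspect_pem(decode_hex_text(text))


# Constructed sample: a legacy encrypted PEM with a placeholder body
# (the base64 is just text, not a key) and a made-up IV in DEK-Info.
SAMPLE_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"Proc-Type: 4,ENCRYPTED\n"
    b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
    b"\n"
    b"Tm90IGEgcmVhbCBrZXk6IGNvbnN0cnVjdGVkIHBsYWNlaG9sZGVyIGJvZHk=\n"
    b"-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_HEX = SAMPLE_PEM.hex()

if __name__ == "__main__":
    print(inspect_hex_key(SAMPLE_HEX))
```

- A key that reports encrypted is only as strong as its passphrase; here the passphrase was a short string recoverable from the server's own memory, so from a defender's side the finding is twofold: a private key published under a web root, and a passphrase that adds nothing once the application leaks it.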

- SSH-ing to Valentine with user hype's credentials:

- The remote shell is low privileged:

4 - CAPTURING THE 1st FLAG
- Reading user.txt:

5 - PRIVILEGE ESCALATION
- Let's try two ways for Privilege Escalation:
5.1 - Kernel exploitation
- First, checking the operating system version and kernel number:


- There are some exploits for the Linux 3.2 kernel version, for instance this one:

- Downloading to Kali and transferring to Valentine:


- Compiling according to the instructions:


- Now, a new password must be entered, for instance hello:


- Switching to the user firefart with the new password hello, we get a root shell:
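- What this escalation leaves behind is a second UID 0 account with its own password, and that is a cheap thing to detect. The Python below is an added example, not part of this walkthrough or of the exploit it uses: it parses /etc/passwd and flags any UID 0 account other than root, plus any account carrying a password hash inline instead of the usual "x" pointing at /etc/shadow. The passwd content is constructed; the firefart line, its hash value and its GECOS text are placeholders and are not copied from the real machine.

```python
from typing import Dict, List

# Constructed sample /etc/passwd: a normal system plus the kind of entry a
# local root exploit adds (a second UID 0 account, named "firefart" as in the
# walkthrough above; the hash string is a placeholder, not a real hash).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
hype:x:1000:1000:hype,,,:/home/hype:/bin/bash
firefart:$6$PLACEHOLDER$notarealhash:0:0:added by exploit:/root:/bin/bash
"""


def parse_passwd(text: str) -> List[Dict]:
    """Parse passwd(5) lines into dicts; a line without 7 fields is rejected."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({
            "name": name, "passwd": pw, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell,
        })
    return entries


def extra_uid0_accounts(entries: List[Dict]) -> List[str]:
    """Every account with UID 0 that is not literally named root."""
    return [e["name"] for e in entries if e["uid"] == 0 and e["name"] != "root"]


def inline_hash_accounts(entries: List[Dict]) -> List[str]:
    """Accounts whose passwd field holds a hash rather than a shadow marker.

    'x' defers to /etc/shadow; '*' and '!' are locked accounts.  Anything
    else is a credential that every local user can read.
    """
    return [e["name"] for e in entries if e["passwd"] not in ("x", "*", "!", "")]


def audit_passwd(text: str) -> Dict[str, List[str]]:
    """Run both checks over passwd text and return the offending account names."""
    entries = parse_passwd(text)
    return {
        "extra_uid0": extra_uid0_accounts(entries),
        "inline_hashes": inline_hash_accounts(entries),
    }


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
```

- On a live host, `audit_passwd(open("/etc/passwd").read())` does the same over the real file; pair it with file-integrity monitoring on /etc/passwd, since a kernel-level write bypasses the normal permission checks and leaves no useradd or passwd log line to alert on.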

5.2 - Tmux
- Reading the hidden file .bash_history, there is a reference to a tmux command:


- Also, ps aux confirms that there is a tmux session running as root:

- Finally, just running the tmux command found in .bash_history, we get a remote root shell:
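- The weakness here is a root tmux server whose socket an unprivileged user can open; tmux's default socket sits in a per-user directory with mode 0700, and the risk appears when a server is started with an explicit -S path in a location other users can reach. The Python below is an added example, not part of this walkthrough or of tmux: it walks a directory tree, lists Unix sockets whose own mode grants group or other access, and exercises itself on a constructed fixture of two sockets in a temporary directory (names and paths are placeholders). It checks only the socket file's mode; the permissions of the directories on the way to it still need a separate look.

```python
import os
import socket
import stat
import tempfile
from typing import Dict, List


def find_exposed_sockets(directory: str) -> List[Dict]:
    """List Unix sockets under `directory` whose mode grants group or other access.

    tmux clients reach the server through a Unix socket, so any user who can
    open a root tmux server's socket attaches to a root session.  A socket with
    no group/other bits is skipped; anything else is reported with its owner
    and mode so the finding can be traced to the process that created it.
    """
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:               # os.walk puts non-directories (sockets too) here
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                 # vanished or unreadable: skip, don't abort the scan
            if not stat.S_ISSOCK(st.st_mode):
                continue
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append({
                    "path": path,
                    "uid": st.st_uid,
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                })
    return findings


def make_demo_sockets(base: str) -> None:
    """Constructed fixture: a private socket like tmux's default, and a
    world-accessible one in a shared directory (all names are placeholders)."""
    private_dir = os.path.join(base, "tmux-1000")
    shared_dir = os.path.join(base, "shared")
    os.mkdir(private_dir, 0o700)
    os.mkdir(shared_dir, 0o755)
    for path, mode in (
        (os.path.join(private_dir, "default"), 0o600),
        (os.path.join(shared_dir, "shared_sess"), 0o777),
    ):
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)                     # creates the socket file on disk
        s.close()
        os.chmod(path, mode)             # set explicitly so the demo ignores umask


def demo() -> Dict[str, str]:
    """Build the fixture in a temp dir and return {socket name: mode} for findings."""
    with tempfile.TemporaryDirectory() as base:
        make_demo_sockets(base)
        return {os.path.basename(f["path"]): f["mode"] for f in find_exposed_sockets(base)}


if __name__ == "__main__":
    print(demo())
```

- Run against a real host this would be pointed at the directories a process list shows tmux using; a root tmux server is rarely wrong in itself, but one reachable outside root's own socket directory is, and the command that started it should also not be sitting in a readable shell history.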


6 - CAPTURING THE 2nd FLAG
- Reading root.txt:
