HackTheBox_Beep | w/o Metasploit

HTB - Beep

Overview

The “Beep” machine is an easy-level HackTheBox challenge designed to test your skills in basic enumeration and exploitation. The machine features a vulnerable web application that can be exploited to gain access.

Enumeration

Nmap Scan Results

Nmap Scan

Nmap Results

Access Issues

Initially, we were unable to access the page:

We resolved this by changing the minimum TLS settings in about:config:

Change TLS Settings

Now we can view the homepage:

Homepage

Vulnerabilities

Elastix Local File Inclusion (LFI) Vulnerability

Reference: Exploit-DB

What is LFI?

Local File Inclusion (LFI) allows an attacker to trick a web application into exposing or executing files on the web server. This may lead to information disclosure, remote code execution, or Cross-site Scripting (XSS). Typically, LFI occurs when an application uses a file path as input without proper validation, allowing an attacker to include local files in the application.

LFI is similar to Remote File Inclusion (RFI), but RFI allows inclusion of remote files, while LFI is limited to local files.

Directory Traversal

An LFI vulnerability can also lead to Directory Traversal, allowing attackers to access sensitive files by manipulating file paths:

http://example.com/?file=../../../../etc/passwd

This can expose sensitive information such as user lists or log files, which can be used to further an attack.
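
As an added example (not part of the original write-up and not Elastix code), the sketch below contrasts the unvalidated path handling described above with a resolver that canonicalises the path and refuses anything outside the web root. The function names, the allowed extensions and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

ALLOWED_EXT = (".html", ".txt")  # assumption: the app only serves these types

def naive_resolve(base_dir, user_value):
    """Vulnerable pattern: untrusted input is joined straight onto the base."""
    return os.path.join(base_dir, user_value)

def safe_resolve(base_dir, user_value):
    """Return the canonical path if it stays inside base_dir, else None."""
    if "\x00" in user_value:  # reject embedded NUL bytes outright
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check
    candidate = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not candidate.endswith(ALLOWED_EXT) or not os.path.isfile(candidate):
        return None
    return candidate

def escapes(base_dir, path):
    """True if path, once canonicalised, lies outside base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base

def demo():
    """Compare both resolvers on a constructed web root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        for name in (os.path.join(pages, "home.html"),
                     os.path.join(root, "secret.txt")):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
        # A symlink inside the web root that points outside it
        os.symlink(os.path.join(root, "secret.txt"),
                   os.path.join(pages, "link.txt"))
        for value in ("home.html", "sub/../home.html", "../secret.txt",
                      "../../../../etc/passwd", "/etc/passwd", "link.txt"):
            naive = naive_resolve(pages, value)
            results[value] = (escapes(pages, naive),
                              safe_resolve(pages, value) is not None)
    return results

if __name__ == "__main__":
    for value, (naive_escapes, safe_ok) in demo().items():
        print(f"{value!r:28} naive escapes root: {naive_escapes!s:5} "
              f"safe serves: {safe_ok}")
```

The containment check runs on the canonical path, so relative traversal, absolute paths and symlinks that lead out of the web root are all rejected by the same comparison.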

Exploitation

We exploited the LFI vulnerability to perform a directory traversal:

The traversal was successful, revealing useful information:

Using these credentials, we accessed the machine via SSH:

We then located the flags:

Root Flag

User Flag

Pwned

This post is licensed under CC BY 4.0 by the author.