Hack the Box Swag Shop Writeup

- 6 mins read

Hack The Box SwagShop

Introduction

SwagShop was an easy but fun box for me. When this box was active it was also the only way you could buy t-shirts and stickers (now HTB’s shop is publicly available). So, without further blabbering, you can read the writeup below.

Information Gathering

Nmap

We begin our reconnaissance by running an Nmap scan checking default scripts and testing for vulnerabilities.

root@kali:~# nmap -sVC -o nmap_SwagShop.txt 10.10.10.140
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-11 16:30 EDT
Nmap scan report for 10.10.10.140
Host is up (0.41s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 b6:55:2b:d2:4e:8f:a3:81:72:61:37:9a:12:f6:24:ec (RSA)
|   256 2e:30:00:7a:92:f0:89:30:59:c1:77:56:ad:51:c0:ba (ECDSA)
|_  256 4c:50:d5:f2:70:c5:fd:c4:b2:f0:bc:42:20:32:64:34 (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Home page
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.88 seconds

From the above output we can see that ports 22 and 80 are open. So let’s check out what’s going on with port 80.

Hack the Box Luke Writeup

- 9 mins read

Hack The Box Luke

Intro

So they finally retired Luke. While this box was far from one of my favorites, it has a lot of sentimental value to me because it was the first box I rooted after joining Hack The Box. Luke wasn’t all that technically challenging (as you will see in the writeup below). There was a lot of enumeration involved, credential stuffing, a bit of guesswork, and no privilege escalation whatsoever. It taught me to write down everything during a pentest CTF, even if it seems useless. You never know what you’ll need to use later. All of that said, please find my writeup below.

How I Do My CTF Writeups

- 4 mins read

I’ve been playing a lot of CTFs this summer. My goal was obviously to brush up on my offensive security skills, but also to practice doing security writeups. I wanted to post the writeups on my blog and publish them as PDFs. Writing the whole thing in a document editor is miserable; I hate using document editors. Then doing the whole thing again as a blog post just means even more work. So, here’s the workflow I developed this summer to do my writeups once using Markdown, and easily publish in both formats.

Onion

- 3 mins read

My .onion address: http://ryankozj554xw2ystipdnvpzrge22pkcogw2h5f4n24ztscir6v5d7id.onion/

The other day I thought about also running this website as a hidden service. Today I set all that up. I’ll admit that it’s not all that practical. I’m clearly not hiding who I am, nor am I trying to hide the IP address of my web server, but whatever. It does provide those with extreme privacy concerns the ability to avoid the clearnet while browsing my blog.

How I Manage Passwords

- 4 mins read

This post is to outline my personal password management system. It relies entirely upon free and open source software, and it is intended to be self hosted. Passwords are synchronized across multiple devices via an encrypted database file. The database is secured by both a password and a key file, which is to be stored locally.

Required Software

This little system consists of two primary software projects, which are listed below. Do keep in mind the obvious fact that the wrong choice of operating system, network provider, or even hardware, can render the use of these open source projects pointless.