{"id":218,"date":"2025-07-24T18:56:00","date_gmt":"2025-07-24T18:56:00","guid":{"rendered":"https:\/\/thecyberstaff.com\/?p=218"},"modified":"2025-12-28T19:32:41","modified_gmt":"2025-12-28T19:32:41","slug":"help-hackthebox-lab","status":"publish","type":"post","link":"https:\/\/thecyberstaff.com\/?p=218","title":{"rendered":"Help- Hackthebox lab"},"content":{"rendered":"\n

I got stuck on this assessment because the target machine was not accepting the reverse shell. It turned out that I needed to set my attack box to the same time as the target machine, once that was completed, everything worked!<\/p>\n\n\n\n

I started the assessment with my new poet scanning script that scans all TCP and the top UDP ports.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Enumerating the web servers I found the hostname help.htb. I added that to my \/etc\/hosts file.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

When targeting the webserver on port 80, I found this HelpDeskZ application.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

The README file for this application provided a version and I found a couple of exploits when searching the version in searchsploit.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

This is where I got stuck and did a ton of troubleshooting, I ended up proxying the app in Burp Suite and getting the time of the app. I changed my time on my attack box to the same time and got the exploit working after uploading a PHP reverse shell into the new ticket function.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

With a regular user shell, I began looking for ways to escalate my privileges. I found an old kernel version and looked for local privilege escalation exploits.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I moved the exploit over to the target machine and compiled it. I ran the exploit and got a root shell!<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

This lab shows the importance of using strong up to date software to protect against intrusions.<\/p>\n","protected":false},"excerpt":{"rendered":"

I got stuck on this assessment because the target machine was not accepting the reverse shell. It turned out that I needed to set my attack box to the same time as the target machine, once that was completed, everything worked! I started the assessment with my new poet scanning […]<\/p>\n","protected":false},"author":1,"featured_media":219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-pentesting"],"brizy_media":[],"_links":{"self":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=218"}],"version-history":[{"count":2,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":440,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/218\/revisions\/440"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/media\/219"}],"wp:attachment":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}