Irked
#Linux #Enumeration #IRC
Last updated
#Linux #Enumeration #IRC
Last updated
Irked is an easy-rated Linux machine from HackTheBox, created by Creator MrAgent. In the current post, my IP is 10.10.14.27, and the target IP is 10.129.124.47.
This machine is straightforward. It follows the basic steps for enumeration and exploitation, with some research included.
The first steps are about getting basic information about the target, by using nmap and searching information from the website.
Browser: http://10.129.124.47
We have limited information, but that phrase is enough, at this point our best option is to search about Unrealircd Exploit, you will find this at GitHub.
There is some stuff to change, add the information of your own machine there (Here: 10.10.14.27 // 443), if you continue the analysis, you will find a lot of payloads from an argument, we will use bash.
Here we need to open a new terminal listening using the port 443.
We are using the target port 6697 because the IRC is there. After executing, a message โExploit sent successfullyโ will appear, and your second local terminal [B] will be connected to the target, this will be called [IRCD]. Now we will start with some TTY treatment.
After exploring a little bit, at /home/djmardov/Documents there is a backup hidden file, letโs see with cat and check what we can find.
Here we have two things: a clue about Steganography, maybe the image at the URL, and a password, probably related to the Steganography step. Now download the image from http://10.129.124.47, the angry face, and open a local terminal.
By using Steghide, we extract a new password โKab6h+m+bbp2J:HGโ, we can try to use it at IRCD to change our user.
It works, now we are Djmardov and we can read the flag at /home/djmardov/Documents/user.txt
We donโt lose if we try to create that file and put a command inside it.