Writeup: HackTheBox Beep - Without Metasploit (OSCP Prep)

#security #webdev #hacking

Beep HackTheBox Write Up

Hello all and welcome back! Apologies for the long delay, between COVID and work things have been kind of picking up. But I am trying to pick things back up while also doing a WebDev Bootcamp.

Difficulty level: Easy
Time to complete: 30mins

I will start off by running a Nmap Scan to see services running and for the ports.

Some background on what I am doing here.
-sV = version detection scan
-sC = runs default scripts
-v = verbose
-Pn = checks to see if the host is alive
-p- = scans all ports
-A = detailed information on scripts
-T4 = speed things up

Alright so after sometime I get some results from my scan.

The main things that standout to me are the following:
22 TCP Open SSH
80 TCP Open Http

The reason why these two ports are really interesting to me is that you if you ever worked as an System Administrator, you've come across Open SSH ports that allowed you to get into your systems. Also with an Open Http means there is a website there so its just a little more visually appealing for me lol.

So being that port 80 is open I am going to checkout the site to see what it looks like.

Nothing too interesting here so I spin up Dirbuster. Which is a multi-threaded Java application to brute force directories and file names on web/app servers.

But after going to a few of these sites I quickly realize that I don't have access to the sites.

But one thing to highlight is the text at the bottom of the sign-in page that showed Elastix. Some quick googling and also searching SearchSploit

I come across the following Exploit 37637 which I will get a little further details on. Exploit-DB is a great resource to learn more about Exploits that you want to run. But you should always read the code before running and test them out to make sure its not making a call back to some Bad actor or someone is giving you a Rick-Roll.