HACK THE BOX - OPENADMIN WRITE-UP WITHOUT METASPLOIT

by - May 08, 2020






Nmap result:

I found there’re two ports are open in this machine

1- port 22 SSH
2- port 80 HTTP





Dirbuster

I found there’s a page call ona = OpenNetAdmin
let’s see what we can find there





The page ona

Just to let you know OpenNetAdmin provides a database managed inventory of the IP network.
The version of it is v18.1.1





Exploit

I found there’s a vulnerability on this ona version. This is the link to download the exploit


Run exploit





Find the password but I don’t know for who






Find two usernames





Let’s try to use the password with these usernames to SSH






After I went to /var/www/ I found main.php file it looks like there’s RSA key somewhere
So I run “netstat -tupln” command to see all ports that are open






The port 52846 looks like there’s something on this port
So I run curl command






After I copied RSA PRIVATE KEY I used ssh2john before crack the passphrase
I found the passphrase is bloodninjas for jonna






Finllay I entered Joanna by ssh





find user.txt






I couldn’t log in as root but I found something I can run the following commands
sudo /bin/nano /opt/priv





First press CTRL + R
Then CTRL + X
After that run this command to read root.txt cat /root/root.txt






Root.txt




Thank you!
3gbCyber

Share
Tweet
Share
Tags :

You May Also Like

0 comments