Summary

Today we have another machine is retired with IP 10.10.10.204

Enumeration

We can see various ports open, if we go to the 8080 with the browser, we come across a login / pass request that we do not have
We can guess that we are on an IoT box.
Let’s take a look on SirepRAT exploit and download it
https://github.com/SafeBreach-Labs/SirepRAT

After download, We need to upload nc64.exe to get reverse shell, So launch a Simple python server

Let’s take a reverse shell

We are omni now, But we didn’t have user flag

Let’s do some enumeration

Let’s cat the r.bat file

We found 2 credentials that we can use to login on port 8080 on browser, So Let’s login with the first credentials app:mesh5143

After login found Run command page that we can use to get reverse shell to app

We are app now

We can now read user.txt but the contents inside looks to be encrypted.
Let’s decrypt it

Gain user flag!

Privilege Escalation

Let’s use another credentials administrator:_1nt3rn37ofTh1nGz to a reverse shell as administrator

Gain root flag!

If u learn any thing useful from write up, Respect me on HackTheBox

CTFer | Computer Science Student