Hackthebox — Omni


Today we have another retired machine, with IP



We can see various open ports. If we browse to port 8080, we are prompted for a login and password that we do not have.
We can guess that we are on an IoT box.
Let’s take a look at the SirepRAT exploit and download it.

After downloading it, we need to upload nc64.exe to get a reverse shell, so launch a simple Python server.

Let’s get a reverse shell

We are omni now, but we don’t have the user flag yet

Let’s do some enumeration

Let’s cat the r.bat file

We found 2 credentials that we can use to log in on port 8080 in the browser, so let’s log in with the first credentials, app:mesh5143
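Plaintext credentials in a batch file are what open up the rest of this box, so it is worth auditing your own devices for the same mistake. The Python check below is an added example, not part of the original write-up: it flags batch files that set an account password on the command line. It assumes the passwords are set with `net user` (the write-up does not show the contents of r.bat), and the sample input is constructed.

```python
import re
from pathlib import Path

# Matches "net user <account> <password> [switches]". A "*" (interactive
# prompt) or a switch such as /delete in the password position does not match.
NET_USER = re.compile(
    r'^\s*@?\s*net1?(?:\.exe)?\s+user\s+(?P<account>"[^"]+"|\S+)\s+'
    r'(?P<secret>"[^"]+"|[^\s/*]\S*)',
    re.IGNORECASE,
)
COMMENT = re.compile(r'^\s*(?:rem\b|::)', re.IGNORECASE)

def find_hardcoded_passwords(text):
    """Return (line_no, account) for each net user line that embeds a password."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        if COMMENT.match(line):
            continue  # commented-out commands are not executed
        m = NET_USER.match(line)
        if m and not m.group("account").startswith("/"):
            hits.append((no, m.group("account").strip('"')))
    return hits

def scan_tree(root, suffixes=(".bat", ".cmd")):
    """Scan batch files under root; the password itself is never reported."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(errors="replace")
            findings += [(str(path), no, acct)
                         for no, acct in find_hardcoded_passwords(text)]
    return findings

# Constructed sample, not the real r.bat from the box.
SAMPLE = """@echo off
rem net user olduser OldPass1
net user app ExamplePass1 /add
net user administrator "Example Pass 2"
net user guest /active:no
net user svc *
NET.EXE USER backup ExamplePass3
"""

if __name__ == "__main__":
    for no, account in find_hardcoded_passwords(SAMPLE):
        print(f"line {no}: password for '{account}' is hard-coded")
```

Run `scan_tree` against a mounted device image or a share and treat every account it reports as needing a password rotation.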

After logging in, we find a Run Command page that we can use to get a reverse shell as app

We are app now

We can now read user.txt, but its contents appear to be encrypted.
Let’s decrypt it

Gain user flag!

Privilege Escalation

Let’s use the other credentials, administrator:_1nt3rn37ofTh1nGz, to get a reverse shell as administrator

Gain root flag!

If u learned anything useful from this write-up, respect me on HackTheBox

THX for ur time!




CTFer | Computer Science Student

Ahmed Samir
