HackTheBox — Omni

Summary

Today we have another retired machine, with IP 10.10.10.204.

Enumeration

Nmap

We can see various ports open. If we go to port 8080 with the browser, we come across a login / password prompt for credentials that we do not have.
We can guess that we are on an IoT box.
Let’s take a look at the SirepRAT exploit and download it:
https://github.com/SafeBreach-Labs/SirepRAT

After downloading it, we need to upload nc64.exe to get a reverse shell, so we launch a simple Python server.

Let’s get a reverse shell.

We are omni now, but we still don’t have the user flag.

Let’s do some enumeration

Let’s cat the r.bat file

We found two sets of credentials that we can use to log in on port 8080 in the browser, so let’s log in with the first set, app:mesh5143

After logging in, we find a Run command page that we can use to get a reverse shell as app

We are app now

We can now read user.txt, but its contents look to be encrypted.
Let’s decrypt it.

We have the user flag!

Privilege Escalation

Let’s use the other credentials, administrator:_1nt3rn37ofTh1nGz, to get a reverse shell as administrator

We have the root flag!

If you learned anything useful from this write-up, respect me on HackTheBox.

Thanks for your time!

CTFer | Computer Science Student

Ahmed Samir
