https://mohandacherir.github.io/Qdiv7/tags/easy/Recent content in Easy on Moe's VR blogHugoenSun, 15 Dec 2024 00:00:00 +0000https://mohandacherir.github.io/Qdiv7/posts/htb-permx/Sun, 15 Dec 2024 00:00:00 +0000https://mohandacherir.github.io/Qdiv7/posts/htb-permx/<h1 id="permx-walkthrough">Permx walkthrough</h1> <p><strong>OS</strong>: Linux, <strong>Difficulty</strong>: Easy</p> <h2 id="enumeration">Enumeration</h2> <p>Ports scan: <code>nmap -p- -sCV 10.10.11.23</code></p> <pre tabindex="0"><code>PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 e2:5c:5d:8c:47:3e:d8:72:f7:b4:80:03:49:86:6d:ef (ECDSA) |_ 256 1f:41:02:8e:6b:17:18:9c:a0:ac:54:23:e9:71:30:17 (ED25519) 80/tcp open http Apache httpd 2.4.52 |_http-title: Did not follow redirect to fer |_http-server-header: Apache/2.4.52 (Ubuntu) Service Info: Host: 127.0.1.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel </code></pre><p>There&rsquo;s no available exploit for this version of Openssh, and passwordless connexions are not possible.<br> The http server redirects to <code>permx.htb/</code>, so i added <code>10.10.11.23 permx.htb</code> to <code>/etc/hosts</code>: <code> echo &quot;10.10.11.23 permx.htb&quot; | sudo tee -a /etc/hosts&quot;</code>.</p>