9. HackTheBox. Level Medium: Passing OpenKeys. Cracking the OpenBSD virtual machine

11 December 2024 2 minutes Author: Lady Liberty

Learn how to effectively pentest OpenBSD systems with a step-by-step guide using OpenKeys on HackTheBox. In this article, we’ll cover how to start your exploration, find vulnerabilities, and gain access to your system. You’ll learn how to use tools like nmap for port scanning and gobuster for finding hidden directories.

Hacking OpenBSD: A Step-by-Step Guide Using OpenKeys as an Example

Solutions sent for machine refinement from the site are published  HackTheBox.

Recon

This machine has the IP address 10.10.10.199, which we add to /etc/hosts.

10.10.10.199 	openkeys.htb

First, you need to scan for open ports. This can be done using a script that takes the host address to scan as an argument:

#!/bin/bash
ports=$(nmap -p- --min-rate=500 $1 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -A $1

We go to port 80 and are greeted by an authorization form.

Entry Point

The next step is to scan the directories.

gobuster dir -t 128 -u openkeys.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x html,php

We find the unindexed include directory.

Let’s look at the swp file.

A new domain is detected and added to the /etc/hosts file. However, the same authorization form is displayed on this domain. Since this is OpenBSD, the idea is to check the default credentials.

USER

When attempting to authorize, the system reports that such a user does not exist.

Given the domain name, it is assumed that a user named jennifer may exist in the system.

We get the SSH key.

ROOT

And for this version there are exploits.

Upload to the host.

scp -i jennifer.key ./openbsd-authroot [email protected]:/tmp/

And we do it.

As a result of the actions, root privileges were obtained.

Conclusion

This article provides a step-by-step guide to using tools and techniques to conduct pentesting on an OpenBSD system using OpenKeys on HackTheBox. The focus is on the process of reconnaissance, vulnerability detection, gaining access to the system, and privilege escalation. The material demonstrates key aspects of ethical hacking and will be useful for both beginners and experienced cybersecurity professionals.

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.