Learn how to effectively pentest OpenBSD systems with a step-by-step guide using OpenKeys on HackTheBox. In this article, we’ll cover how to start your exploration, find vulnerabilities, and gain access to your system. You’ll learn how to use tools like nmap for port scanning and gobuster for finding hidden directories.
Solutions sent for machine refinement from the site are published HackTheBox.
This machine has the IP address 10.10.10.199, which we add to /etc/hosts.
10.10.10.199 openkeys.htb
First, you need to scan for open ports. This can be done using a script that takes the host address to scan as an argument:
#!/bin/bash ports=$(nmap -p- --min-rate=500 $1 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) nmap -p$ports -A $1
We go to port 80 and are greeted by an authorization form.
The next step is to scan the directories.
gobuster dir -t 128 -u openkeys.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x html,php
We find the unindexed include directory.
Let’s look at the swp file.
When attempting to authorize, the system reports that such a user does not exist.
Given the domain name, it is assumed that a user named jennifer may exist in the system.
We get the SSH key.
And for this version there are exploits.
Upload to the host.
scp -i jennifer.key ./openbsd-authroot [email protected]:/tmp/
And we do it.
As a result of the actions, root privileges were obtained.
This article provides a step-by-step guide to using tools and techniques to conduct pentesting on an OpenBSD system using OpenKeys on HackTheBox. The focus is on the process of reconnaissance, vulnerability detection, gaining access to the system, and privilege escalation. The material demonstrates key aspects of ethical hacking and will be useful for both beginners and experienced cybersecurity professionals.