Synced (Tier 0)

Description

  • Tier -> 0

  • Difficulty -> Very Easy

  • OS -> Linux

  • Tags -> Rsync / Protocols / Reconnaissance / Anonymous/Guest Access

Write-up

  • With a little research, I started answering the first question

Answer: 873


  • Then I continued doing an initial port scan of the machine using Nmap

nmap 10.129.197.128 -p- -Pn --min-rate 2500 -oN scan.txt

  • With this, I answered the next question

Answer: 1


  • Then I did an exhaustive scan of the ports we found to get information about the running service

nmap 10.129.197.128 -p873 -sVC -oN serv_scan.txt

  • With this and a little research, I answered some questions

Answer: 31


Answer: rsync


Answer: None


Answer: list-only


  • I found there was a service named rsync that, with a little research, I found was a file synchronization application. Also, I found that it was possible to interact with it using the rsync command-line utility. So I tried using it to list the files being shared under this application, specifying it was using a daemon to run this service, and I saw it was successful

rsync --list-only 10.129.197.128::

  • I found a public folder, so I listed its content, where I found a flag.txt file. So I transferred it from the server to my machine and read its content, finally finding the root flag

rsync --list-only 10.129.197.128::public
rsync 10.129.197.128::public/flag.txt ./
cat flag.txt

  • With this, I got the root flag and pwned the machine

Answer: 72eaf5344ebb84908ae543a719830519
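
A defender-side check for the condition this write-up relies on (an rsync module that can be listed and read without credentials), as an added example that is not part of the original write-up: it parses an rsyncd.conf and reports modules lacking `auth users`, `list = no` or `hosts allow`. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample rsyncd.conf (not from the target machine): "public" is open
# the way the share in the write-up was, "backups" is locked down.
SAMPLE_CONF = """\
use chroot = yes

[public]
    path = /srv/public

[backups]
    path = /srv/backups
    list = no
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/24
"""

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; global settings act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} for settings that allow unauthenticated use."""
    report = {}
    for name, params in parse_rsyncd_conf(text).items():
        findings = []
        if not params.get("auth users"):
            findings.append("anonymous access (no 'auth users')")
        if params.get("list", "yes").lower() not in ("no", "false", "0"):
            findings.append("module is listable (set 'list = no')")
        if not params.get("hosts allow"):
            findings.append("reachable from any host (no 'hosts allow')")
        report[name] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` returns three findings for `public` and an empty list for `backups`.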
