Synced (Tier 0)

Description

  • Tier -> 0

  • Difficulty -> Very Easy

  • OS -> Linux

  • Tags -> Rsync / Protocols / Reconnaissance / Anonymous/Guest Access

Write-up

  • With a little research, I started answering the first question

Answer: 873


  • Then I continued doing an initial port scan of the machine using Nmap

nmap 10.129.197.128 -p- -Pn --min-rate 2500 -oN scan.txt

  • With this, I answered the next question

Answer: 1


  • Then I did an exhaustive scan of the ports we found to get information about the running service

nmap 10.129.197.128 -p873 -sVC -oN serv_scan.txt

  • With this and a little research, I answered some questions

Answer: 31


Answer: rsync


Answer: None


Answer: list-only


  • I found that the open port was running a service named rsync, which, with a little research, I found to be a file synchronization application. I also found that it was possible to interact with it using the rsync command-line utility. So I tried using it to list the files shared by this application, specifying that the service runs as a daemon, and I saw it was successful

rsync --list-only 10.129.197.128::

  • I found a public folder, so I listed its content, where I found a flag.txt file. I then transferred it from the server to my machine and read its content, finally finding the root flag

rsync --list-only 10.129.197.128::public
rsync 10.129.197.128::public/flag.txt ./
cat flag.txt

  • With this, I got the root flag and pwned the machine

Answer: 72eaf5344ebb84908ae543a719830519
