Crocodile Machine - Hack The Box - Writeup

Pasted image 20230426231830.png

Recon

First, launch a ping to crocodile machine to identify if is a Windows Machine or a Linux Machine

Pasted image 20230426232042.png

The TTL is near to 64, so is a Linux Machine.

Launch a nmap scan to found the open ports on the machine:

Pasted image 20230426232207.png

We found Port 21 and 80 open, usually Port 21 contains FTP and 80 HTTP

Launch some basics scripts on nmap to known the service and version running on that port:

Pasted image 20230426232442.png

Web Page

Type the ip on a browser and look :

Pasted image 20230426233124.png

We found a website but nothin interesting on source code

Gobuster

gobuster dir -u http://10.1.129.15 -w /home/ewrc01/Descargas/Dictionaries/SecList/Discovery/Web-Content/directory-list-1.0.txt
-x .php -t 20`

use the follow instruction in one line to enumerate the dirs with brute force with gobuster, I'm using SecList with parameter w, we are looking for php extension files and define it with x parameter and define de threads with t parameter.

The enumeration found a admin.php file look at it:

Pasted image 20230426234229.png

Login page

Pasted image 20230426234422.png

if we try some credentials like: admin:admin, guest:guest, root:root no have effects:

Pasted image 20230426234539.png

FTP

Remember the scan, the machine has the port 21 open search on it:

Pasted image 20230426234842.png

Get the two files on the ftp server:

Pasted image 20230426234959.png

And print it with cat:

Pasted image 20230426235036.png

We found some users like admin, look the other file to found some passwords:

Pasted image 20230426235137.png

Flag

Try it on login page:

Pasted image 20230426235220.png

And congrats! here is your flag:

Pasted image 20230426235253.png