Hello guys, welcome to my new blog. In this post, I walk through a Hack The Box machine named Beep.
Beep is a Linux-based machine. The IP of the machine is 10.10.10.7.
As always, I start with Nmap for scanning.
nmap -sC -sV -oA nmap 10.10.10.7
There are many ports open, including 22, 80, and 443.
Let's check port 80, since a website is running on it. I found a login page there.
The login page is for Elastix, so I did a simple Google search to find exploits.
You can see there is a Local File Inclusion exploit. I opened that page and found the LFI command there.
You can read more about Local File Inclusion from here.
I opened it in the browser and found something interesting there.
I found a password there, so I tried to log in with it.
I logged in successfully, so I thought to try logging in over SSH with the same password.
I successfully logged in over SSH as well. After some enumeration, I got user.txt and root.txt.
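From the defender's side, the Local File Inclusion request used above leaves a recognizable trace in the web server's access log. The following is an added example, not part of the original walkthrough: a small scanner that decodes each request target (including double URL-encoding) and flags directory traversal and null-byte injection. The log lines, paths, and parameter names are constructed for illustration and are not the Elastix ones.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; paths and parameters are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1843
192.0.2.44 - - [01/Jan/2024:10:02:13 +0000] "GET /app/view.php?lang=../../../../etc/passwd%00&module=a HTTP/1.1" 200 2210
192.0.2.44 - - [01/Jan/2024:10:02:40 +0000] "GET /app/view.php?lang=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 310
192.0.2.10 - - [01/Jan/2024:10:03:02 +0000] "GET /docs/a..b/readme.txt?lang=en HTTP/1.1" 200 512
192.0.2.51 - - [01/Jan/2024:10:04:19 +0000] "GET /app/view.php?lang=..\\..\\conf\\app.conf HTTP/1.1" 404 0
"""

REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# ".." counts only as a whole path segment, so "a..b" is not flagged.
TRAVERSAL = re.compile(r"(?:^|[/\\=])\.\.(?:[/\\]|$)")


def decode_fully(value, max_rounds=3):
    """Undo nested URL-encoding (e.g. %252e -> %2e -> '.') up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return (line_no, client_ip, status, reasons) for suspicious requests."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.search(line)
        if not m:
            continue
        decoded = decode_fully(m.group("target"))
        reasons = []
        if TRAVERSAL.search(decoded):
            reasons.append("traversal")
        if "\x00" in decoded:
            reasons.append("null-byte")
        if reasons:
            findings.append((line_no, line.split()[0], int(m.group("status")), reasons))
    return findings


if __name__ == "__main__":
    for line_no, ip, status, reasons in scan(SAMPLE_LOG):
        # A 200 on a flagged request means a file was probably served: triage first.
        print(f"line {line_no}: {ip} status={status} {'+'.join(reasons)}")
```

A flagged request that returned 200 is the case to investigate first, and any credential stored in a file reachable that way should be rotated everywhere it is reused, SSH included.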