HackTheBox Eureka Writeup
A walkthrough of the HackTheBox 'Eureka' machine which is hard rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.
RECONNAISSANCE
NMAP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
┌──(dollarboysushil㉿kali)-[~/Documents/HTB_BOXES/environment]
└─$ nmap -sC -sV 10.10.11.66
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.12 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 d6:b2:10:42:32:35:4d:c9:ae:bd:3f:1f:58:65:ce:49 (RSA)
| 256 90:11:9d:67:b6:f6:64:d4:df:7f:ed:4a:90:2e:6d:7b (ECDSA)
|_ 256 94:37:d3:42:95:5d:ad:f7:79:73:a6:37:94:45:ad:47 (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://furni.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
PORT STATE SERVICE REASON VERSION
8761/tcp open http syn-ack ttl 63 Apache Tomcat (language: en)
|_http-title: Site doesn't have a title.
| http-auth:
| HTTP/1.1 401 \x0D
|_ Basic realm=Realm
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
⚠️ Notice:
This challenge is currently active on HackTheBox.
In accordance with HackTheBox's content policy, this writeup will be made publicly available only after the challenge is retired.
For hints or to chat with the community, join the Dollar T.V Discord server
or send DM on Twitter (X) dollarboysushil.
This challenge is currently active on HackTheBox.
In accordance with HackTheBox's content policy, this writeup will be made publicly available only after the challenge is retired.
For hints or to chat with the community, join the Dollar T.V Discord server
or send DM on Twitter (X) dollarboysushil.
This post is licensed under
CC BY 4.0
by the author.