Hack The Box AI Machine Writeup – 10.10.10.163

Hello, here is the writeup of the new active Hack The Box machine AI. As usual, I’m going to add the IP 10.10.10.163 to /etc/hosts as ai.htb for convenience.

Initial Nmap Scanning

The Nmap scan revealed a couple of open ports: 80, a web server, and 22, SSH. Let’s investigate port 80 first.

Port 80 has a web server that hosts a website called “Artificial Intelligence”. There are 4 links: Home, About, AI and Contact. The About page has a small introduction that says “Our developers working 24/7 to make it happen and we progressed well with audio conversion.”

The AI page has a file upload form, which is interesting. The Contact page has machine maker MrR3boot’s fake email ID.

If you have rooted the machine Player, you should have come across the same situation. That machine has the same scenario of uploading a wav file to get information from the vulnerable database. This AI machine is almost similar to it.

Let’s exploit it

Getting User.txt

I’m going to use Flite to create a wav file, upload it using the upload form, and get the credentials from the database. My command would be:

The above command will create a wav file called nav1n.wav, which I’m going to upload using the upload form.

Well, I have the username “Alexa” now.

Let’s modify the command to get the password for the user Alexa.


As I already have the credentials, let’s see if SSH works.

Yesss, it works. Let’s see if I can find user.txt.

That’s it for today.

Navin

Hey there, I'm Navin, a passionate Info-Sec enthusiast from Bahrain. I started this blog to share my knowledge. I usually write on HackTheBox machines and challenges, cybersecurity-related articles and bug-bounty. If you are an HTB user and like my articles, please respect here: https://www.hackthebox.eu/home/users/profile/68523

Dover, Ben
8 months ago

you have really long nights at your place 🙂
