Kali Linux Hack The Box

Today I started my first hacking lab. This is something I plan on doing very often in the future, so I decided to finally dive in. Ethical hacking is something I have always wanted to do, and hacking labs are great cybersecurity experience. They are also very useful to get in the mind of a hacker, and in turn become a better defender. I am downloading a vulnerable Ubuntu server image and my goal is to be able to hack the machine using my knowledge of attack types and online research I conduct.

I used VirtualBox for my lab today. I set up one VM with Kali Linux; this will be my attacker workstation. The other machine is set up with a vulnerable version of Ubuntu. As this is my first Hack The Box challenge, I decided to pick an easy machine to attack. That being said, the only hint I have to start with is that it has an enumeration vulnerability. I was excited to test myself, but a bit worried I would have trouble on my first try.

I started by changing the network on both VMs to internal networking so they can only communicate with each other. This ensures that they won’t have access to the internet, and more importantly people on the internet won’t have access to the machines. I then configured DHCP for the machines and launched them. Once launched, I confirmed my Kali machine was on the internal network. I also pinged Google's public DNS server and received no response, confirming the machines are offline.
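The isolation step above can also be checked from the host before either VM is booted. The following is an added example, not part of the original lab notes: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports any enabled adapter that is not attached to the expected internal network. The VM names, the network name `hacklab` and the sample outputs are constructed assumptions.

```python
import re
import subprocess

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_ISOLATED = '''name="kali-attacker"
nic1="intnet"
intnet1="hacklab"
cableconnected1="on"
nic2="none"
'''
SAMPLE_LEAKY = '''name="ubuntu-target"
nic1="intnet"
intnet1="hacklab"
nic2="nat"
natnet2="nat"
'''

def parse_nics(info):
    """Return {slot: (attachment, internal_network_or_None)} for enabled NICs."""
    kv = dict(re.findall(r'^"?([\w-]+)"?="?(.*?)"?$', info, flags=re.M))
    nics = {}
    for key, mode in kv.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":          # "none" means the adapter slot is disabled
            slot = int(m.group(1))
            nics[slot] = (mode, kv.get(f"intnet{slot}"))
    return nics

def isolation_problems(info, expected_net):
    """List every adapter that could reach something other than the lab network."""
    problems = []
    for slot, (mode, net) in sorted(parse_nics(info).items()):
        if mode != "intnet":
            problems.append(f"nic{slot} is attached to '{mode}', not an internal network")
        elif net != expected_net:
            problems.append(f"nic{slot} is on internal network '{net}', expected '{expected_net}'")
    return problems

def audit_vm(vm_name, expected_net):
    """Run the check against a real VM (requires VirtualBox on the host)."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return isolation_problems(out, expected_net)

if __name__ == "__main__":
    for label, sample in (("isolated", SAMPLE_ISOLATED), ("leaky", SAMPLE_LEAKY)):
        print(label, isolation_problems(sample, "hacklab") or "OK")
```

A second adapter left on NAT or bridged mode is the usual way a vulnerable image ends up reachable from outside the lab, and a failed ping from the attacker VM alone would not reveal it on the target VM.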

The first step would be reconnaissance. I needed to find the machine on the network, as I had no idea what the IP address was. I used nmap to scan the network and find open ports. The completed nmap scan found the machine along with ports 21 and 80 open. Port 21 is used for unencrypted file transfer and port 80 is used for unencrypted web traffic. This leads me to believe this machine is a web server and is using FTP to access files.

My next step was opening a web browser and searching the vulnerable machine's IP address. Searching the IP address revealed a vulnerable backend of the site. Finally, I am getting somewhere!

Next, I attempted to connect to the FTP on the vulnerable machine. I connected to the FTP, but I still needed a username and password. I tried brute forcing common default credentials using the Hydra application, but with no username to go off of, that idea was put on hold. Now I was a bit stuck. I went to the internet and researched common vulnerabilities for FTP and HTTP. I didn’t find anything useful at first, so I kept looking until I found some documentation on the Metasploit Framework. This is an application built into Kali Linux and is essentially a big repository of known vulnerabilities along with the exploits.

I launched the Metasploit shell and searched for vulnerabilities with the version of FTP running. The first exploit that popped up was an excellent exploit, so I gave it a try. I set the target IP and the target port, 21, and launched the exploit. The scan ran, and it didn’t break into the system, but it did return a username for me to work with. Now I knew that the username 331 was a valid username. With this information my next move was to perform a brute force password attack and hope to crack the password. I tried multiple brute force attacks, but they all came back unsuccessful. I decided to focus on HTTP again.

I ended up getting stuck at this point. I wanted to complete this challenge on my own, but for my very first try at a Hack The Box I was content with how I did. Looking at a write-up of the challenge, I found I had done everything right so far; I just needed to use a utility called dirb to dig for more information on port 80. The completed scan brought back multiple directories for me to try and exploit.

I followed the procedures documented in the write-up until I was able to gain access to a shell using an exploit listed on the Metasploit Framework.

In conclusion, this lab was quite challenging for my first one. I probably should have started with something easier, but I learned a lot from this lab and I am happy with how far I got on my own. This Hack The Box was a very challenging but fun experience, and I plan on completing more very soon.