Cacti Group » THOVITI SIDDHARTH

Cacti Group

September 2, 2023

MonitorsTwo- HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Cacti Group, capsh, CVE-2022-46169, Docker, JohnTheRipper, LinPeas, MySQL, overlay2, RCE 0

Machine Name: MonitorsTwo
IP: 10.10.11.211
Difficulty: Easy

Summary

MonitorsTwo is an easy machine that starts with exploiting the Cacti monitoring software to gain a shell. The shell obtained is a container host where we find hashes of user in a database file. After cracking the hashes, we obtain the user shell through SSH. Privilege escalation consists of leveraging insufficient permissions on the Docker overlay2 filesystem which allows host users to run privileged binaries on the container. To create a setuid bash binary on the docker container, capsh’s capabilities were misused to gain privileges as root. Finally, the binary was executed on the host machine to obtain a root shell.