CVE-2023-32784

February 10, 2024

Keeper – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec CVE-2023-32784, Default Credentials, HackTheBox, HTB, KeePass, OpenSSH Key, Password Cracking, Putty, Putty Key, Request Tracker 0

Machine Name: Keeper
IP: 10.10.11.227
Difficulty: Easy

Summary

Keeper is an easy machine which starts with logging into a Request Tracker dashboard using default credentials and discovering SSH user credentials. A KeePass database file is discovered which is then cracked using the CVE-2023-32784. Although the credentials for root are obtained from the exploit, the password needs to be used along with a key to log into SSH. The key found is a putty key which needed to be converted to OpenSSH key format to log in as root.