Trick – HackTheBox Writeup

Machine Name: Trick
IP: 10.10.11.166
Difficulty: Easy

Summary

Trick is a moderately easy machine that demands a lot of enumeration skills. It involves finding two sub-domains that can be found through DNS zone transfer and sub-domain fuzzing. One of the sub-domains has a SQLi that can be leveraged to gather information on the server and the other sub-domain has a LFI that exposes SSH private key. This key is used to gain SSH access to the user. Since the user can restart fail2ban as root, one of fail2ban’s configuration files needed to be modified to gain a reverse shell as root.

Read More