Private Key » THOVITI SIDDHARTH

Private Key

April 30, 2023

MetaTwo – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Blind XXE, Bookingpress, CVE-2021-29447, CVE-2022-0739, FTP, GnuPG, GPG, gpg2john, HackTheBox, HTB, Infosec, JohnTheRipper, Linux Box, PassPie, Password Cracking, PGP, Private Key, SQLi, sqlmap, WAVE, Wordpress, Writeup, XXE 0

Machine Name: MetaTwo
IP: 10.10.11.186
Difficulty: Easy

Summary

MetaTwo is an easy machine that needs exploiting a SQLi that leads us to hashes that need to be cracked. The cracked hash credentials provide access to a WordPress dashboard. This WordPress version is vulnerable to Blind XXE via a WAVE file format metadata. The XXE gives us access to the “wp-config.php” file which contains cleartext password for FTP. Enumerating the FTP server, SSH credentials are found for user. Privilege Escalation requires understanding of private and public keys and different methods that are used to encrypt them. Passpie is the application that was used to encrypt private keys found. We can crack the GPG format keys using John and gain the credentials for root.