In this 30 Days of Cyber Security challenge, I tackled the Easy Windows machine ‘Cicada’ on Hack the Box. This article is written in the format of a live penetration test report instead of a normal blog entry.

An easy rated Linux box that emphasizes and develops enumeration skills, both externally and internally. Foothold is obtained through an authenticated RCE that exploits improper input sanitization. Further enumeration reveals a plaintext password that is reused by another user, allowing escalation of privileges. Finally, root access is obtained through a zero-day exploit found in the Enlightenment Window Manager.

A medium rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root user is obtained by exploiting a vulnerability in qpdf.

An easy rated Linux machine that demonstrates the Shellshock vulnerability. Once the vulnerability is exploited, the attacker is able to escalate privileges through the perl binary.

An easy rated Windows machine that demonstrates the critical vulnerability in Windows SMBv1, also known as MS17-010 or ‘EternalBlue’.