Posts

Background Foreign adversaries have long strived to gain an advantage against the might of the United States Armed Forces. While matching the USA on the battlefield is a costly and risky proposition, our adversaries are always looking for ways to balance the playing field. A serious and real threat is the infiltration and sabotage of military operations before the fight even breaks out. Fortunately, the NSA is always recruiting bright young individuals to help protect our country! In fact, a bunch of your friends graduated last year and have been busy at work in their Developmental Programs. You have returned to NSA on your final Cooperative Education tour and are visiting your friend Aaliyah who is currently employed full-time in the Intelligence Analysis Development Program. Intelligence Analysts are always scouring through collected Signals Intelligence (SIGINT) for threat indicators. Aaliyah recently attended a briefing that highlighted Nation-State Advanced Persistent Threats (APT) targeting our Defense Industrial Base (DIB) contractors. Disclaimer: The challenge content is a PURELY FICTIONAL SCENARIO created by the NSA for EDUCATIONAL PURPOSES only. The mention and use of any actual products, tools, and techniques are similarly contrived for the sake of the challenge alone, and do not represent the intent of any company, product owner, or standards body. Any similarities to real persons, entities, or events is coincidental. ...

https://www.hackthebox.com/machines/download Nmap scan The initial nmap scan shows that port 22 is open for ssh and 80 is open with an nginx web server. # Nmap 7.94 scan initiated Sat Aug 5 14:01:04 2023 as: nmap -sC -sV -oN scans/initial.txt download.htb Nmap scan report for download.htb (10.10.11.226) Host is up (0.056s latency). rDNS record for 10.10.11.226: download Not shown: 998 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 cc:f1:63:46:e6:7a:0a:b8:ac:83:be:29:0f:d6:3f:09 (RSA) | 256 2c:99:b4:b1:97:7a:8b:86:6d:37:c9:13:61:9f:bc:ff (ECDSA) |_ 256 e6:ff:77:94:12:40:7b:06:a2:97:7a:de:14:94:5b:ae (ED25519) 80/tcp open http nginx 1.18.0 (Ubuntu) |_http-favicon: Unknown favicon MD5: A7E0469E13F02E350ABEB6DF724CE585 |_http-server-header: nginx/1.18.0 (Ubuntu) | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-title: Download.htb - Share Files With Ease Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Sat Aug 5 14:01:13 2023 -- 1 IP address (1 host up) scanned in 9.52 seconds Looking at the web server Basic site functionality Looks like an online service where you can upload files, get a custom link, and share them with others. ...