HackTheBox Sau Writeup
HackTheBox Sau 是一台简单难度的 Linux 机器。本文按照信息收集、初始访问、横向或提权路径的顺序整理完整解题过程,突出关键漏洞点、凭据来源与最终拿到 user/root 或域权限的利用链。
htb sau
Information Gathering
[+] found 3 open port
--------------------------------------------------------------------------------
Port 22 | Service: ssh | Banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.7
Port 53 | Service: domain | Banner: (no banner)
Port 55555 | Service: Unknown | Banner: (no banner)
--------------------------------------------------------------------------------
55555端口运行request-baskets 1.2.1
搜索得到CVE-2023-27163可以查看80端口
提升权限使用CVE-2023-26604
HTB sau
Information Gathering
[+] found 3 open port
--------------------------------------------------------------------------------
Port 22 | Service: ssh | Banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.7
Port 53 | Service: domain | Banner: (no banner)
Port 55555 | Service: Unknown | Banner: (no banner)
--------------------------------------------------------------------------------
Port 55555 runs request-baskets 1.2.1.
Search reveals CVE-2023-27163 can be used to view port 80.
Privilege escalation uses CVE-2023-26604.