🟒blocky

Recon & Enum

port scan

PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
80/tcp    open   http
8192/tcp  closed sophos
25565/tcp open   minecraft

directory scan

/.php                 (Status: 403) [Size: 289]
/.html                (Status: 403) [Size: 290]
/index.php            (Status: 301) [Size: 0] [--> http://blocky.htb/]
/wiki                 (Status: 301) [Size: 307] [--> http://blocky.htb/wiki/]
/wp-content           (Status: 301) [Size: 313] [--> http://blocky.htb/wp-content/]
/wp-login.php         (Status: 200) [Size: 2397]
/plugins              (Status: 301) [Size: 310] [--> http://blocky.htb/plugins/]
/license.txt          (Status: 200) [Size: 19935]
/wp-includes          (Status: 301) [Size: 314] [--> http://blocky.htb/wp-includes/]
/readme.html          (Status: 200) [Size: 7413]
/javascript           (Status: 301) [Size: 313] [--> http://blocky.htb/javascript/]
/wp-trackback.php     (Status: 200) [Size: 135]
/wp-admin             (Status: 301) [Size: 311] [--> http://blocky.htb/wp-admin/]
/phpmyadmin           (Status: 301) [Size: 313] [--> http://blocky.htb/phpmyadmin/]
/xmlrpc.php           (Status: 405) [Size: 42]
/.php                 (Status: 403) [Size: 289]
/.html                (Status: 403) [Size: 290]
/wp-signup.php        (Status: 302) [Size: 0] [--> http://blocky.htb/wp-login.php?action=register]
/server-status        (Status: 403) [Size: 298]

wordpress scan

Nothing interesting over here.

website

There is nothing much on the website, but if you click on the post (the only post available on the web page) you find the username "notch".

I found 2 jar files over here, then I used jd-gui to discover the content.

blockycore.jar

I found the root password in this file.
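The finding above is a credential stored inside a jar file. As an added example (not part of the original write-up), this Python code audits a jar from the defender's side before it is published: it parses each class file's constant pool and lists the string literals of any class that mentions a credential-like word. The class name, the `dbPassword` field name and the literal value are constructed sample data.

```python
import io, re, struct, zipfile

# Payload size in bytes for each fixed-width constant-pool tag (JVMS 4.4).
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
           12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
SUSPECT = re.compile(r"pass|pwd|secret|token", re.I)

def pool(data):
    """Return (Utf8 entries by index, indexes referenced by String constants)."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    utf8, literals, pos, i = {}, [], 10, 1
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            utf8[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in CP_SIZE:
            if tag == 8:  # String constant: index of its Utf8 entry
                literals.append(struct.unpack_from(">H", data, pos)[0])
            pos += CP_SIZE[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return utf8, literals

def audit_jar(jar_bytes):
    """Map class name -> its string literals, for classes that mention a credential-like word."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                utf8, literals = pool(jar.read(name))
                if any(SUSPECT.search(s) for s in utf8.values()):
                    findings[name] = [utf8[i] for i in literals if i in utf8]
    return findings

def sample_jar():
    """Constructed input: one class reduced to header + constant pool (hypothetical names)."""
    u = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    cp = (u("dbPassword") + u("EXAMPLE-not-a-real-secret") + b"\x08\x00\x02"
          + b"\x05" + bytes(8) + u("localhost"))  # entries 1, 2, 3, 4-5, 6
    cls = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 7) + cp
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Core.class", cls)
    return buf.getvalue()
```

Any literal it reports should be moved out of the code into a secret store and rotated, and jars should not sit in a web-readable directory.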

shell as notch

Now we have 2 usernames: notch & root, and 1 password: 8YsqfCTnvxAUeduzjNSXe22. I tried notch with the password and it worked; I got the shell.

privesc notch => root
