hackNos: Os-Hax walk-through

hackNos Os-Hax is an intermediate vulnerable vulnhub machine. I think its a simple machine for beginners with some rabbit holes. You can download this machine from here ->

“https://www.vulnhub.com/entry/hacknos-os-hax,389/”

Now let’s start

Network scanning or host discovery by nmap

“# nmap -sn 192.168.43.1/24”

We got our target’s IP address ”192.168.43.33”.

Service and version detection with nmap

“# nmap -vv -sT -sV -p- 192.168.43.33”

We found two services running one is ssh and another one is http (web). Let’s try for port 80 (http)

I fired a dirb command to list the directories on the web server

“# dirb http://192.168.43.33/ -i -R”

As we can see that their is a “wordpress” site, but that’s a rabbit hole, So move on the other directory which is /img/.

In /img/ directory directory-listing is enabled and we found a “falghost.png”. It might be containing some information, So i downloaded that image on my localhost and fired a exiftool to extract metadata from a image file (“flaghost.png”).

“# exiftool flaghost.png”

After extracting the data we got a string “passw@45” ,but its not a password it’s a name of the directory on the server.

In “pass@45" directory we got another flag i.e, flag2.txt.

Uhhh this flag2.txt contains a “brainfuck code”. Brainfuck is an esoteric programming language.

To convert it into plain text I executed this language from online website and got the credentials “web:Hacker@4514”

Then it took me just 5 seconds to take a ssh shell. hahahaha funny right??

As you can see we are in and found user.txt flag ,addressing us to move towards root privilege ,so let’s go

In the above image we found that we can run “awk” command as root, So we are just one command away from our root shell

“ sudo awk ‘BEGIN {system(“/bin/bash”)}’ ’”

We are root now and we successfully completed this challenge.