The “Aliens” Hack The Box machine is a challenge that intrigueingly allows cybersecurity enthusiasts to try their hand at network penetration, among other areas of interest. This is an intermediate challenge aliens htb write up that requires the candidate to have firm knowledge of Linux commands, HTTP protocols, and network services in order to progress through the different stages. This write-up will go into the detailed steps for solving the “Aliens” HTB write up machine step by step with network enumeration, exploitation, and post-exploitation. At the end of this article, a reader should have a crystal clear idea about the techniques and tooling needed to conquer the challenge, which indeed makes it fruitful for both beginners and experienced hackers.

What is the “Aliens” HTB Write-Up?

The Aliens HTB write up is a step-by-step guide on how one can go about solving the “Aliens” machine on Hack The Box. It is an intermediate machine that requires a user to apply most of the cybersecurity approaches in order to gain root access. It usually covers the following stages:

  • Enumeration: This is the identification of open ports, services, and probable aliens htb write up vulnerabilities. It is normally carried out using different tools such as Nmap and Gobuster.
  • Exploitation: Using the identified vulnerability to attain an initial foothold on the machine.
  • Privilege Escalation: One needs to escalate privileges in order to gain root access and finishthe challenge.

Step 1: Enumeration

The solution of the “Aliens” HTB machine will start with deep penetration into the target network through a thorough enumeration. This process of enumeration generally involves open port, service identification, and possible vulnerabilities that can be exploited in gaining access to the machine.

Also read more: BrandRepUSA Howard Borsa

Tools and Techniques

  • Nmap – It is a network scanning tool that is used for discovering hosts and services on a network. This is a very popular tool for port scanning and service enumeration.
  • Gobuster: This is a tool for brute forcing URL’s – Directories and files on web servers. It is useful for finding hidden directories and files that could have sensitive information in them.

Nmap Scan

We first begin with a basic Nmap scan to recognize what ports and services are aliens htb write up open on the target machine. The command is as follows:

bash

nmap -sC -sV -oN nmap/initial_scan 10.10.10.59
  • -sC: Runs default Nmap scripts against the target.
  • -sV: Attempts to determine the version of the service running on the target.
  • -oN: Saves the output to a aliens htb write up file for later analysis.

The Nmap scan reveals the following open ports and services:

Port Service Version
22 SSH OpenSSH 7.2p2 Ubuntu 4ubuntu2.4
80 HTTP Apache 2.4.18 (Ubuntu)

The above results show that there is an SSH service running on port 22 and an HTTP service running on port 80 of the target machine. We will more specifically focus on these two services for aliens htb write up the purpose of exploitation.

Gobuster Scan

Next up, use Gobuster to enumerate the directories on the web server. The command is:

bash

gobuster dir -u http://10.10.10.59 -w /usr/share/wordlists/dirb/common.txt -o gobuster/initial_scan
  • -u: Specifies the target URL.
  • -w: Specifies the wordlist to use for brute-forcing directories.
  • -o: Saves the output to a file for later analysis.

The Gobuster scan reveals the aliens htb write up following directories:

Directory Status Code
/admin 200
/uploads 200
/images 200

These directories may contain valuable information or vulnerabilities that aliens htb write up can be exploited.

Also read more: Exclusivenism

Step 2: Exploitation

After the enumeration phase is over, one will then exploit the identified vulnerabilities to gain initial access into the target machine.

HTTP Service Exploitation

Of special interest to us is the HTTP service operating on port 80, for it may host vulnerabilities that can be exploited. Upon accessing the /admin directory aliens htb write up that was identified earlier, a login page is presented. Trying to bypass the login page by employing SQL injection techniques is the next step.

SQL Injection

SQL injection is a technique to gain access into the web application’s database by exploiting the vulnerabilities in it. We can inject malicious SQL into the input fields of the Login page to gain unauthorized access.

Using a common SQL injection payload, we input the following into the username and password fields:

vbnet

Username: ' OR 1=1 --
Password: ' OR 1=1 --

This payload tricks the web application into thinking that the input is valid,aliens htb write upĀ  allowing us to bypass the login page and gain access to the admin panel.

Step 3: Post-Exploitation

After gaining initial access to the target machine, the next step will be privilege escalation to gain root-level access.

Privilege Escalation

Privilege Escalation: It means exploiting vulnerabilities or misconfiguration in the target system to elevate our access level. In the “Aliens” machine, we will find a misconfigured SUID binary that we can use to escalate our privileges.

Exploiting SUID Binary

A SUID binary is simply a file that allows a user to run the file as the owner of the file, which in most cases is root. Poorly configured SUID binaries can be exploited to gain root privileges and run commands as root.

Using the following command, we can find SUID binaries on the target machine:

bash

find / -perm -u=s -type f 2>/dev/null

The command returns a list of SUID binaries, including one aliens htb write up that can be exploited to gain root access.

Conclusion

The “Aliens” HTB machine is a great challenge for any cyber security enthusiast who wants to enhance his or her network penetration testing skills. Users should be able to solve this aliens htb write up machine and obtain root by following the step-by-step enumeration, exploitation, and post-exploitation. This write-up provides an overview of what was done in each stage and equips the reader with knowledge and tools necessary to conquer the “Aliens” HTB machine.

Share.