The description states:  "This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target."

    Another box from my new favorite author.  What I like about this one is that you can get lost in the number of avenues, but if we focus on enumeration right from the start, all false avenues can be avoided.

    We kick off with Nmap:


    This is most definitely a blast from the past.  I found some site that had a list of "must-do" HTB boxes and Jeeves was listed.  I don't have a folder named Jeeves on my machine which means it's never crossed my path.  There's a bit of irony here that made this much easier than perhaps it would have been because when we discover our entry, it's something that was unfamiliar to me some time ago.  I'd heard so much about this platform, I decided to investigate it and I'd written an entire post about it which I'll reference shortly.  Moving on...


    CVE-2020-1938

    I'm rewording this somewhat:  "This vulnerability report identified a mechanism that allowed returning arbitrary files from anywhere in the web application."  You can read the full description from the link above. 

    We run an Nmap scan and we find the following:


    I'd heard about this some time ago and it was one of those things that I wanted to try.  Basically, the idea is that you base64 encode commands and you input the commands as TXT records in DNS.  Then you call those records, decode the payload, and execute it.  Honestly, this would have taken seconds on a Linux machine but it's more likely the target would be Windows so I went with PowerShell.  I'm having a love-hate relationship with PowerShell and this, as always, is not elegant but it is functional.


    "The Apache JServ Protocol is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server."

    We kick off with an Nmap scan and we find port 8009 open:


    The description states:  "This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target."

    I believe this is the same author as the Tomcat server I just wrote up this week.  Again, there's a certain style as to how the author builds boxes and I like it.  The point here is that finding mistakes and abusing functionality is very common versus say a zero day or a publicly known exploit, in my opinion. 

    We kick off with Nmap:


    © 2020 sevenlayers.com