Hack Fish.io

Hack The Box is a popular online platform that offers a variety of virtual machines (VMs) for cybersecurity enthusiasts to practice their hacking skills. One of the boxes available on the platform is Fish.io, a Linux-based VM that simulates a real-world hacking scenario. In this walkthrough, we'll explore the steps to compromise the Fish.io box and gain root access.

We begin by scanning every TCP port on the target and fingerprinting the services behind them:

nmap -sV -p- 10.10.10.15

The scan reveals that ports 22 (SSH), 80 (HTTP), and 8080 (HTTP) are open. We can now focus on exploring these services further.

Next, we visit the HTTP service running on port 80. Viewing the page source turns up a developer comment:

<!-- TODO: move to prod env -->

This hint suggests that the website might be running in a non-production environment, where debugging features and administrative pages are often left reachable. We can try to access the /admin directory, which often contains administrative interfaces.

We create a PHP reverse shell using a tool like msfvenom and upload it to the application, which stores it under /uploads/. With a handler listening on our machine, we request the uploaded file so that the server executes it:

http://10.10.10.15/uploads/shell.php

A meterpreter shell opens, allowing us to navigate the file system and escalate privileges. The shell runs with the web server's privileges, and from it we can switch to the fish user:

sudo -u fish /bin/bash

Switching to the fish user, we find that the user's home directory contains a config file with sensitive information.

After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password. Listing the rules that apply to fish confirms it:

sudo -l

We can leverage this configuration to gain root access: because the rule covers any command, fish can run a shell as root without authenticating.

In this walkthrough, we demonstrated how to compromise the Fish.io box on Hack The Box. By identifying open ports, enumerating HTTP services, exploiting a web application vulnerability, and leveraging a misconfigured sudo command, we were able to gain root access to the system. This exercise highlights the importance of secure configuration, input validation, and access control in preventing similar attacks.
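The privilege escalation relied on two sudo rules: one letting the web server account run /bin/bash as fish, and one letting fish run any command without a password. As an added example (not from the original walkthrough or the box), the following Python audit flags such rules in a sudoers file. The sample sudoers text is constructed to model the box and is an assumption, as is the small list of shell-spawning programs; the example goes slightly beyond the page by also flagging interpreters and editors that can drop to a shell.

```python
"""Audit a sudoers file for rules that hand out a shell or passwordless root.

Added example, not from the Fish.io box or the original walkthrough. The
sample sudoers text below is constructed to model the two rules abused in
the walkthrough; the list of shell-spawning programs is a small assumed
subset and should be extended (e.g. from GTFOBins) for real audits.
"""
import re

# Programs that trivially give an interactive shell when run via sudo.
SHELL_SPAWNERS = {
    "/bin/bash", "/bin/sh", "/bin/dash", "/bin/zsh",
    "/usr/bin/bash", "/usr/bin/sh", "/usr/bin/zsh",
    "/usr/bin/vi", "/usr/bin/vim", "/usr/bin/less", "/usr/bin/more",
    "/usr/bin/python3", "/usr/bin/perl", "/usr/bin/find", "/usr/bin/env",
}

# Groups that are expected to have full, password-protected sudo.
ADMIN_GROUPS = {"%sudo", "%admin", "%wheel"}

# user  host = (runas) [TAG: ...] command, command, ...
RULE_RE = re.compile(
    r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?((?:[A-Z_]+:\s*)*)(.+)$"
)
ALIAS_KEYWORDS = ("User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")

# Constructed sample modelled on the box (not the real file).
SAMPLE_SUDOERS = """\
Defaults        env_reset
Defaults:fish   !requiretty
root            ALL=(ALL:ALL) ALL
%sudo           ALL=(ALL:ALL) ALL
www-data        ALL=(fish) NOPASSWD: /bin/bash
fish            ALL=(ALL) NOPASSWD: ALL
backup          ALL=(root) NOPASSWD: /usr/bin/rsync
alice           ALL=(root) /usr/bin/systemctl status nginx
"""


def find_dangerous_rules(sudoers_text: str) -> list[dict]:
    """Return one finding per dangerous (user, command) grant."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "@")):
            continue  # comments, blank lines, #include / @include
        first = line.split()[0]
        if first.startswith("Defaults") or first in ALIAS_KEYWORDS:
            continue  # option and alias lines are not grants
        m = RULE_RE.match(line)
        if not m:
            continue  # not a user specification this parser understands
        user, _host, runas, tags, cmds = m.groups()
        if user == "root":
            continue  # root already has everything
        runas_user = (runas or "root").split(":")[0]
        runas_label = "any user, including root" if runas_user == "ALL" else runas_user
        nopasswd = "NOPASSWD:" in tags
        for cmd in (c.strip() for c in cmds.split(",")):
            if not cmd or cmd.startswith("!"):
                continue  # negated entries are not grants
            prog = cmd.split()[0]
            if prog == "ALL":
                if nopasswd:
                    sev, why = "high", "any command without a password"
                elif user in ADMIN_GROUPS:
                    continue  # the normal password-protected admin rule
                else:
                    sev, why = "medium", "any command (password required)"
            elif prog in SHELL_SPAWNERS:
                sev = "high" if nopasswd else "medium"
                why = f"{prog} gives a shell"
            else:
                continue
            findings.append({
                "line": lineno, "user": user, "runas": runas_user,
                "command": cmd, "nopasswd": nopasswd,
                "severity": sev, "reason": f"{why} as {runas_label}",
            })
    return findings


if __name__ == "__main__":
    for f in find_dangerous_rules(SAMPLE_SUDOERS):
        print(f"line {f['line']:>2} [{f['severity']}] {f['user']} -> "
              f"{f['command']}: {f['reason']}")
```

On the sample this reports exactly the two rules the walkthrough abused: www-data running /bin/bash as fish, and fish running any command without a password. The parser assumes one rule per line and does not expand aliases or `#includedir` fragments, so on a real host feed it the merged output of every file under /etc/sudoers.d as well.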