SOLIDSTATE: 1 Walkthrough

It was originally created for HackTheBox.


Enumeration

No need to enumerate port 22.

More Enumeration…

Let’s enumerate HTTP,

nikto scan results
Gobuster scan

Manual testing,

The site seems to be a static one.

Searching for an exploit,

The exploit will get triggered when someone logs in.

Let’s change the password for other users.

Let’s read the mails,

John has some messages.
Mindy has some mails.

Let’s read the mail,

About Mindy
A perfect example of misconfiguration.

username: mindy
pass: P@55W0rd1!2@

Let’s SSH,


Privilege Escalation

Use this to break out of the shell,

Ref: https://www.hackingarticles.in/multiple-methods-to-bypass-restricted-shell/

