Embark on your HackTheBox journey with the Sightless challenge, a test of your cybersecurity prowess. Prepare to delve into the world of reverse shells, root flags, and privilege escalation. Get ready to navigate through nmap scans, SQL injections, and brute force attacks. In this blog post, we’ll guide you through conquering Sightless, equipping you with the skills to navigate the complexities of the hacking landscape.
Understanding HackTheBox and the Sightless Challenge
HackTheBox is a renowned platform for honing cybersecurity skills through real-world challenges. The Sightless challenge, a popular task on the platform, tests participants’ ability to navigate without the sense of sight, metaphorically representing the need for detailed enumeration to uncover vulnerabilities. To conquer Sightless effectively, participants must rely on thorough enumeration techniques and creative exploitation methods to maneuver through the challenge successfully. Understanding the nuances of HackTheBox challenges like Sightless is crucial for aspiring cybersecurity enthusiasts.
What is HackTheBox?
HackTheBox is an online platform that allows users to test and enhance their hacking skills in a controlled environment. It provides various challenges, including the Sightless challenge, to simulate real-world scenarios for cybersecurity enthusiasts.
Overview of the Sightless challenge
The Sightless challenge on HackTheBox is designed to test your skills in penetration testing and ethical hacking. Participants must navigate through a series of tasks to gain access to the target machine without traditional visual cues. This challenge requires a solid understanding of key terms like reverse shell, enumeration, and SQL injection. Successfully completing Sightless involves meticulous enumeration, exploitation of vulnerabilities, and gaining root access to retrieve the root flag. It’s a thrilling exercise that sharpens your hacking abilities.
Preparing for the Sightless Challenge
To tackle the Sightless challenge efficiently, ensure you have the necessary resources. Set up your attack box with tools like nmap, Python, and SSH for a smooth hacking experience. Familiarize yourself with common techniques like reverse shells and enumeration. Have your private keys and basic scripts ready for any eventuality. Understanding the importance of enumeration and default credentials can save you valuable time during the challenge. Stay organized by creating folders and repositories to store your findings securely.
Essential tools and resources
To excel in the Sightless challenge on HackTheBox, arm yourself with essential tools like nmap for scanning, Python for scripting, and SSH for secure access. Utilize GitHub repositories for code references and private keys for authentication. Gobuster aids in directory brute forcing, while SQL injections and reverse shells can be pivotal. Don’t overlook the significance of enumerating services and default credentials. Having a well-equipped attack box with varied tools like PHP and Bash will enhance your hacking capabilities. Employ these resources strategically to navigate through the challenge successfully.
Setting up your hacking environment
To set up your hacking environment for the Sightless challenge, ensure you have tools like nmap, Python, and PHP installed. Secure a private key and familiarize yourself with reverse shell techniques. Use gobuster for directory enumeration and GitHub for valuable repositories. Remember to set up an attack box separate from your main server for testing. Configure SSH credentials carefully and keep your system updated to avoid vulnerabilities. Prioritize creating a safe and efficient workspace to enhance your hacking experience.
Step-by-step Guide to Conquering Sightless
Step 1: Start with an nmap scan to discover open ports and services running on the target.
Step 2: Enumerate the web server for possible vulnerabilities like SQL injection or default credentials.
Step 3: Exploit any weaknesses found to gain a reverse shell, giving you access to the server.
Step 4: Escalate privileges to the root user to retrieve the root flag.
Remember to document each step carefully in your blog post for future reference. Happy hacking!
Step 1: Initial Foothold Exploration
Identifying the target’s IP address is crucial for initiating the hack. Utilize Nmap scans to discover open ports and services. Enumerate services to unveil potential vulnerabilities using tools like Gobuster. Check for default credentials or exposed repositories on Git to gather initial access. Crafting a specific payload for exploitation is key. Engage in thorough reconnaissance to gather essential information before attempting any attack. This phase sets the foundation for a successful engagement.
NMap Scan
Let’s perform an NMap scan on the machine to get a general idea of the ports and services.
[Image: NMap scan result of sightless.htb]
The target system has only three open ports: 21, 22, and 80. To begin our investigation, we’ll focus on port 80, which typically hosts web services. Examining this port could reveal valuable information about the web application running on the target, including potential vulnerabilities, exposed directories, or hidden resources. By thoroughly analyzing the HTTP service, we can gather insights that might be crucial for exploiting other vectors or identifying weak spots within the system. Let’s delve into the details and see what port 80 has to offer.
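The scan result above is read off a screenshot; when you save nmap output with -oG you can process it instead of eyeballing it. The following parser is an added example written for this post and is not code from the original write-up. The SAMPLE_GNMAP text is constructed, not captured from the real box (the host 10.0.0.5 and the version strings are placeholders); only the three open ports 21, 22 and 80 mirror what the write-up reports, and an extra filtered port 8080 is included to show that non-open entries are kept out of the open list.

```python
"""Parser for nmap grepable (-oG) output: summarise what is open per host."""
from dataclasses import dataclass

# Constructed sample of `nmap -sV -oG` output (not captured from the real box);
# the open ports mirror the three the write-up reports: 21, 22 and 80.
# Fields on a Ports: line are tab-separated; each port entry is
# port/state/protocol/owner/service/rpcinfo/version/ (nmap writes a '/' that
# occurs inside the service or version text as '|').
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 10.0.0.5\n"
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 21/open/tcp//ftp///, "
    "22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 10.00 seconds\n"
)


@dataclass(frozen=True)
class PortEntry:
    port: int
    state: str
    proto: str
    service: str
    version: str


def parse_gnmap(text: str) -> dict[str, list[PortEntry]]:
    """Return {host_ip: [PortEntry, ...]} built from every 'Ports:' line."""
    results: dict[str, list[PortEntry]] = {}
    for line in text.splitlines():
        if line.startswith("#") or "\tPorts: " not in line:
            continue
        # Split the tab-separated "Key: value" fields into a dict.
        fields = {}
        for field in line.split("\t"):
            key, _, value = field.partition(": ")
            fields[key] = value
        host = fields["Host"].split()[0]          # drop the "(hostname)" part
        entries = results.setdefault(host, [])
        for item in fields["Ports"].split(", "):
            parts = item.strip().split("/")
            if len(parts) < 7:
                continue                           # malformed entry, skip it
            entries.append(PortEntry(
                port=int(parts[0]),
                state=parts[1],
                proto=parts[2],
                service=parts[4].replace("|", "/"),
                version=parts[6].replace("|", "/"),
            ))
    return results


def open_ports(scan: dict[str, list[PortEntry]], host: str) -> list[int]:
    """Only 'open' ports count; 'filtered' or 'closed' entries are excluded."""
    return sorted(e.port for e in scan.get(host, []) if e.state == "open")


def web_services(scan: dict[str, list[PortEntry]], host: str) -> list[PortEntry]:
    """Entries to look at first: open ports whose service name is HTTP-like."""
    return [e for e in scan.get(host, [])
            if e.state == "open" and e.service.startswith("http")]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for host in scan:
        print(host, "open:", open_ports(scan, host))
        for e in web_services(scan, host):
            print(f"  web service on {e.port}/{e.proto}: {e.service} {e.version}".rstrip())
```

The same parser works on a multi-host scan, since results are keyed by host address; splitting on tabs before splitting on ", " matters because the "Ignored State" field would otherwise be read as a port entry.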
[Image: Sightless.htb Homepage]
[Image: Sightless.htb Services Page]
The homepage itself offers nothing of note; among the listed services, however, there is a link that redirects to sqlpad.sightless.htb. To access this service, add the domain sqlpad.sightless.htb to your hosts file.
The component of SQLPad that connects to the database and executes commands using the database user’s password is what handles all database interaction. It authenticates to the database with the stored credentials and lets users execute queries, retrieve data, and manage database resources from within the platform. Because it holds and uses the database user’s credentials, it is also the component that matters most from a security standpoint.
[Image: Sightless.htb SQLPad]
Step 2: Identifying Vulnerabilities
Perform an extensive Nmap scan to identify open ports and services. Utilize tools like Gobuster to discover hidden directories on the target. Look for potential vulnerabilities such as SQL injections or insecure login forms. Analyze web servers for misconfigurations or outdated software versions. Check for default credentials, exposed sensitive files, or weak password policies. Enumeration is key to spotting weak points for exploitation. Remember, thorough reconnaissance is crucial before launching any attack. Stay vigilant and meticulous in uncovering potential entry points.
The installed version of SQLPad, identified as 6.10.0, can be found via Burp Suite. While analyzing the vulnerabilities in this version, it was discovered that it is affected by CVE-2022-0944. (Link)
[Image: SQLPad Vulnerability]
[Image: CVE-2022-0944]
Step 3: Exploiting the Vulnerabilities
One pivotal aspect of conquering Sightless on HackTheBox is effectively exploiting vulnerabilities. Once vulnerabilities are identified, the next step is to exploit them to gain deeper access into the system. Employ techniques like SQL injection, brute force attacks, or the deployment of custom scripts using Python or PHP to exploit weaknesses. This phase often involves crafting and executing payloads to manipulate the system into granting unauthorized access. Understanding these exploitation methods is crucial for mastering the Sightless challenge. Remember, precision and caution are key in this stage.
To establish a new connection, follow these steps:
1. Click on “Connection”: start by navigating to the “Connection” menu to begin the setup.
2. Create a new connection: select “New Connection” to initiate a fresh connection configuration.
3. Choose MySQL as the database: in the list of available database options, select MySQL as the database type.
4. Enter the payload into the database fields: input the payload or credentials in the appropriate fields to configure the database connection.
5. Test the connection: run the connection test to ensure the configuration is correct and the connection succeeds.
[Image: Establishing New Database Connection]
Now, let’s write a payload.
[Image: SQLPad Payload]
The output shows that the process is running directly as the root user, which means the SQLPad instance is operating with root privileges.
[Image: Sightless.htb Root User]
Upon further examination, I discovered that the .dockerenv file is indeed present, confirming the application is running within a Docker container. Additionally, after inspecting the system’s users, I identified two accounts: one belonging to “michael” and another to “node.” This information suggests that the application may be running under one of these user contexts, which could provide potential entry points for further exploitation.
[Image: dockerenv File]
[Image: Michael and Node users on Sightless.htb]
You will need to log in to the host using the two provided user accounts in order to view the shadow file. This file contains sensitive information about user passwords and their associated properties. Accessing this file requires proper authentication and authorization. Once logged in, you can navigate to the location of the shadow file and review its contents.
[Image: Shadow File Contents of Sightless.htb]
The shadow file contains a password hash for the user Michael. Copy the hash value associated with Michael’s account and proceed to crack it.
[Image: Hash Cracked for user Michael]
To access the host as Michael, use the cracked password:
insaneclownposse
[Image: Logged in as Michael]
User Flag
SSH into the machine as Michael and read the user.txt file to obtain the user flag.
[Image: User Flag]
Open Ports
There is a suspicious port, 8080, that needs to be investigated. To do this, forward the traffic from port 8080 to your local computer. This will allow you to examine the service and determine whether anything unusual is running there.
[Image: Reverse Proxy]
[Image: Froxlor running on port 8080]
We find that Froxlor is running on port 8080.
Exploiting Chrome Remote Debugger
To get access to the Froxlor dashboard, we can use the Chrome remote debugger technique (Link). There is also an execution policy issue in the PHP-FPM configuration for the user Michael in Froxlor.
[Image: PHP Execution Command for Michael]
To begin, run netstat -tnlp on Michael’s machine to list all the active network connections and listening ports. Identify all the open ports and forward all of them except the ones that have only two digits.
Use the following SSH command to set up port forwarding for each identified port:
ssh -L 42253:127.0.0.1:42253 michael@10.110.192.10
Add all the relevant ports to the command.
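The port-selection step above is usually done by eye; the following script is an added example written for this post, not code from the original write-up, that does the same triage over netstat -tnlp output and also shows why the finding matters to a defender: a service bound to 127.0.0.1 never appears in the external nmap scan, yet any local account can reach it through an SSH tunnel. SAMPLE_NETSTAT is constructed, not captured from the real box; the program name 1337/chrome, the MySQL port and the host address used in the usage line are placeholders, and 42253 simply reuses the example port from the command above. The heuristic in debugger_like (a browser process listening on loopback) is my assumption about what a DevTools listener looks like, not a check taken from the write-up.

```python
"""Parse `netstat -tnlp` output and decide which listeners deserve attention."""
from dataclasses import dataclass

# Constructed sample of `netstat -tnlp` output (not captured from the real box).
# netstat only shows PID/program for processes the calling user owns; the rest
# appear as "-". Port 42253 reuses the example port from the write-up.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:42253         0.0.0.0:*               LISTEN      1337/chrome
tcp6       0      0 :::80                   :::*                    LISTEN      -
"""

LOOPBACK = {"127.0.0.1", "::1"}


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    program: str   # "-" when netstat could not read the owning process


def parse_netstat(text: str) -> list[Listener]:
    """Return one Listener per LISTEN line; header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        # Local address is "ip:port"; for IPv6 ":::80" rpartition gives ("::", "80").
        address, _, port = cols[3].rpartition(":")
        program = cols[6] if len(cols) > 6 else "-"
        listeners.append(Listener(cols[0], address, int(port), program))
    return listeners


def loopback_only(listeners: list[Listener]) -> list[Listener]:
    """Bound to loopback: invisible to a network scan, reachable by any local user."""
    return [l for l in listeners if l.address in LOOPBACK]


def forward_candidates(listeners: list[Listener], min_port: int = 100) -> list[int]:
    """Ports the write-up says to forward: loopback listeners above the two-digit range."""
    return sorted({l.port for l in loopback_only(listeners) if l.port >= min_port})


def ssh_forward_command(user_host: str, ports: list[int]) -> str:
    """Build one `ssh -L` command that tunnels every candidate port to the local machine."""
    flags = " ".join(f"-L {p}:127.0.0.1:{p}" for p in ports)
    return f"ssh {flags} {user_host}"


def debugger_like(listeners: list[Listener]) -> list[Listener]:
    """Assumed heuristic: a browser process listening on loopback is usually a DevTools port."""
    return [l for l in loopback_only(listeners) if l.program.endswith("/chrome")]


if __name__ == "__main__":
    found = parse_netstat(SAMPLE_NETSTAT)
    print("loopback-only listeners:", [l.port for l in loopback_only(found)])
    print("possible remote-debugging ports:", [l.port for l in debugger_like(found)])
    print(ssh_forward_command("michael@10.110.192.10", forward_candidates(found)))
```

From the defender's side, the loopback_only list is the one to review: each entry is a service that the perimeter scan cannot see but that every local user can reach, so a debugging port left open by an automated browser session should be treated as exposed, not private.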
Next, open Google Chrome and navigate to chrome://inspect/#devices. Click on “Configure” and add each forwarded port as 127.0.0.1:<port>, repeating this step until a connection appears. Once you see a connection pop up, click on “Inspect” to open a new window.
In this new window, switch to the “Network” tab and wait for Michael to log in. Monitor the traffic and locate index.php to find the credentials required to access the login portal on 127.0.0.1:8080. Use these credentials to log in.
admin:ForlorfroxAdmin
After logging in, navigate to the “PHP” section, then go to “PHP-FPM versions” and create a new version. In the PHP-FPM restart command field, input the following command:
cp /root/root.txt /tmp/root.txt
Save the configuration and then go to http://127.0.0.1:8080/admin_settings.php?start=phpfpm. Disable PHP-FPM and save the changes, then re-enable it and save again. This will trigger the execution of the copy command.
Verify that the root.txt file has been copied to /tmp.
To proceed, repeat the same process but replace the command with:
chmod 644 /tmp/root.txt
Finally, read the contents of the root.txt file in /tmp to obtain the necessary information.
[Image: New PHP Command Execution]
[Image: Enable PHP-FPM]
[Image: id_rsa copied]
Step 4: Root Flag
Log in as root using the id_rsa key:
ssh -i id_rsa root@10.10.11.11
Access the root.txt file:
cat root.txt
[Image: Root Flag]
Tips and Tricks for Beginners
This section covers how to approach HackTheBox challenges as a beginner and avoid common pitfalls: understanding the importance of enumeration and using tools like nmap and gobuster, identifying vulnerabilities such as SQL injection and brute-forceable logins, applying privilege escalation techniques with properly written Python and PHP scripts, and avoiding mistakes such as overlooking default credentials and exposed repositories. Mastering these techniques will enhance your skills and efficiency in conquering challenges on HackTheBox.
How to approach HackTheBox challenges
Approaching HackTheBox challenges requires a methodical mindset. Start by enumerating services using nmap scans. Utilize gobuster to discover hidden directories, crucial for finding vulnerabilities. Understand the technology stack (web server, app framework, DBMS) to identify attack vectors. Perform thorough research on known exploits and common misconfigurations. Experiment with various tools like sqlmap for SQL injections. Always document your progress and take notes, aiding in learning from each challenge. Collaborate within the HTB community for insights and guidance.
Common pitfalls and how to avoid them
When starting on HackTheBox challenges like Sightless, common pitfalls include overlooking thorough enumeration, missing misconfigurations, and underestimating the importance of privilege escalation. To avoid these, always conduct comprehensive scans, check for hidden directories, and escalate privileges securely. Take time to understand and practice various exploitation techniques to enhance skills. Avoid rushing through steps, as each phase is pivotal. Regularly update tools and stay informed about the latest security trends to tackle challenges effectively.
Conclusion
In conclusion, mastering the Sightless challenge on HackTheBox requires a combination of technical skills and strategic thinking. By honing your abilities in reverse shells, SQL injections, and privilege escalation techniques, you can enhance your performance in future challenges. Remember to utilize tools like nmap scans and enumeration to your advantage. Stay persistent, learn from your mistakes, and never underestimate the power of collaboration within the HackTheBox community. With dedication and practice, you can elevate your hacking capabilities and conquer even the most daunting challenges.
Frequently Asked Questions
What is the best way to start with HackTheBox for a beginner?
To begin with HackTheBox as a beginner, start by understanding the platform and challenges, then prepare your hacking environment with essential tools. Next, focus on exploring initial footholds, identifying vulnerabilities, exploiting them, and learning privilege escalation techniques.
How long does it typically take to solve a challenge like Sightless?
Solving a challenge like Sightless on HackTheBox can vary in time depending on individual skills and experience. Beginners may take a few hours to days, while seasoned professionals might crack it within hours. Practice and persistence are key!
Can I work on the Sightless challenge with a team?
No, teamwork is not allowed on individual HackTheBox challenges like Sightless. The challenge is intended for solo exploration, enhancing personal skills in cybersecurity and problem-solving. Collaborative efforts are discouraged to ensure fair competition and individual growth.
What should I do if I get stuck on a challenge?
If you find yourself stuck on a challenge, don’t panic. Take a step back, revisit your approach, ask for hints in the HackTheBox forums, or watch walkthroughs to gain insights. Remember, perseverance and learning from challenges are key to mastering them.
Are there any community resources for learning more?
Explore online forums, Discord channels, and the HackTheBox community hub for valuable insights, discussions, and collaboration. Engage with like-minded individuals, seek guidance from experienced hackers, and stay updated on the latest trends and techniques. Enhance your skills through shared knowledge and support.