Hack The Box — Beep Writeup w/o Metasploit

This is the 16th blog out of a series of blogs I will be publishing on retired HTB machines in preparation for the OSCP. The full list of OSCP like machines compiled by TJ_Null can be found here.

This blog structure is a bit different from the other blogs. We’ll start with the usual reconnaissance & enumeration phases, however the rest of the blog is split into the three different ways I rooted the machine.

Let’s get started!

Reconnaissance

First thing first, we run a quick initial nmap scan to see which ports are open and which services are running on those ports.

nmap -sC -sV -O -oA initial 10.10.10.7

• -sC: run default nmap scripts
• -sV: detect service version
• -O: detect OS
• -oA: output all formats and store in file initial

We get back the following result showing that 12 ports are open:

• Port 22: running OpenSSH 4.3
• Port 25: running Postfix smtpd
• Port 80: running Apache httpd 2.2.3
• Port 110: running Cyrus pop3d 2.3.7-Invoca-RPM-2.3.7–7.el5_6.4
• Port 111: running rpcbind