Detailed walkthrough of the Basic Pentesting room on HackTheBox, covering reconnaissance, enumeration, exploitation, and privilege escalation techniques.
Reconnaissance
The first step in any penetration test is reconnaissance. I started with a basic Nmap scan:
nmap -sC -sV -oN initial_scan 10.10.10.50
This revealed several open ports including SSH (22), HTTP (80), and SMB (139/445).
Enumeration
Web Server
Browsing to port 80 showed a default Apache page. I ran Gobuster to find hidden directories:
gobuster dir -u http://10.10.10.50 -w /usr/share/wordlists/dirb/common.txt
SMB Shares
Using enum4linux, I discovered accessible shares and usernames on the system.
Exploitation
With the gathered credentials, I was able to gain initial access via SSH and then escalate privileges using a misconfigured SUID binary.
Lessons Learned
- Always enumerate thoroughly before attempting exploitation
- SMB can be a goldmine of information
- Check SUID binaries as part of privilege escalation
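The SUID lesson above also works as a recurring audit on hosts you maintain. The following is an added example, not part of the original walkthrough: it reports setuid files that are root-owned but missing from an expected baseline, or that are writable by group or others. The names `review`, `scan` and `BASELINE`, and the baseline paths themselves, are assumptions to adapt to your distribution.

```python
import os
import stat

# Assumed baseline of setuid-root binaries expected on a stock Linux install;
# replace with the list that matches your own distribution and packages.
BASELINE = {
    "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/chsh",
    "/usr/bin/chfn", "/usr/bin/newgrp", "/usr/bin/gpasswd",
}

def review(path, mode, uid, baseline=BASELINE):
    """Return the findings for one file; an empty list means nothing to report."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return []
    findings = []
    if uid == 0 and path not in baseline:
        findings.append("setuid-root binary not in baseline")
    if mode & stat.S_IWOTH:
        findings.append("setuid file is world-writable")
    if mode & stat.S_IWGRP:
        findings.append("setuid file is group-writable")
    return findings

def _dev(path):
    try:
        return os.lstat(path).st_dev
    except OSError:
        return None

def scan(root="/", baseline=BASELINE):
    """Walk one filesystem and yield (path, findings) for files needing review."""
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on the starting filesystem (skips /proc, network mounts, etc.).
        dirnames[:] = [d for d in dirnames
                       if _dev(os.path.join(dirpath, d)) == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            findings = review(path, st.st_mode, st.st_uid, baseline)
            if findings:
                yield path, findings

if __name__ == "__main__":
    for path, findings in scan("/"):
        print(f"{path}: {'; '.join(findings)}")
```

Run it as root so unreadable directories are not skipped, and compare the output between runs to spot newly introduced setuid files.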