THREE – Starting Point – Hack The Box // Walkthrough // Kali Linux
Hey Purple Team, Dan here! Today we dive into the “Three” box, part of Hack The Box’s Starting Point series, working from Kali Linux.
We tackle the challenge of exploiting a server by uploading a PHP shell into Amazon Web Services (AWS) S3, leading to remote code execution (RCE) and ultimately, capturing the flag. This demonstration is not just about hacking into a system; it’s about understanding the vulnerabilities that exist within cloud environments and how they can be mitigated.
We start by exploring the setup of “Three,” a seemingly innocuous box that hides its vulnerabilities behind common web technologies. The goal here is to leverage a PHP shell upload vulnerability, a classic but potent attack vector, to gain unauthorized access to the server’s inner workings.
The PHP Shell Upload: The core of our attack involves uploading a malicious PHP script to the server’s AWS S3 bucket. This script is not a simple file; it’s a doorway through which we can execute commands on the server. We’ll walk through how to craft this PHP shell, ensuring it’s stealthy enough to bypass basic security measures.
Gaining Access: With the shell uploaded, the next phase is triggering the script to execute. This step is where the magic happens – using the shell to execute arbitrary code on the server. We’ll demonstrate how to interact with the shell, sending commands back and forth, and how to maintain a stable foothold within the server.
Remote Code Execution (RCE): Remote Code Execution is the ability to run commands on a remote server. In the context of “Three,” we exploit our uploaded PHP shell to run commands that explore the server’s environment, search for vulnerabilities, and eventually find and display the coveted flag.
Capturing the Flag: The climax of our journey is capturing the flag, a token hidden on the server that proves we’ve successfully exploited it from Kali Linux. We’ll use our RCE capabilities to navigate the server’s file system, locate the flag, and reveal it on screen.