HackTheBox: Artificial - A Journey to Root

Overview

This post provides a comprehensive walkthrough of the 'Easy' HackTheBox machine "Artificial." We will dissect each phase of the attack, from initial reconnaissance to full system compromise. The attack path demonstrates a realistic chain of exploits, beginning with a sophisticated deserialization vulnerability in a web application, pivoting through the system by cracking user credentials, and culminating in privilege escalation by exploiting a misconfigured service.

  • Machine: Artificial
  • Operating System: Linux
  • Difficulty: Easy
  • Points: 20
  • Key Vulnerabilities: Insecure Deserialization, Weak Hashing Algorithm (MD5), Credential Leakage, Command Injection.

MITRE ATT&CK® TTPs Employed

  • Initial Access:
  • T1190 - Exploit Public-Facing Application: Gaining initial entry by exploiting a vulnerability in the web application on port 80.
  • Execution:
  • T1059.006 - Command and Scripting Interpreter (Python): The target server executed our malicious Python code embedded within the uploaded TensorFlow model.
  • T1059.004 - Command and Scripting Interpreter (Unix Shell): Used to obtain reverse shells via bash and /bin/sh.
  • Credential Access:
  • T1552.001 - Unsecured Credentials (Credentials in Files): Extracting password hashes from the users.db database and the config.json configuration file.
  • T1110.001 - Brute Force (Password Cracking): Cracking the discovered MD5 and Bcrypt hashes offline with hashcat.
  • Lateral Movement:
  • T1021.004 - Remote Services (SSH): Using cracked credentials for the gael user to log in and move from the app user context.
  • Privilege Escalation:
  • T1068 - Exploitation for Privilege Escalation: Abusing the misconfigured Backrest service, which was running as root, to execute commands.
  • Discovery:
  • T1046 - Network Service Scanning: Using nmap to identify open ports and services.
  • T1083 - File and Directory Discovery: Locating sensitive files like users.db and backrest_backup.tar.gz.
  • Command and Control:
  • T1105 - Ingress Tool Transfer: Uploading the malicious exploit.h5 file to the target server.
  • T1090 - Proxy: Using SSH local port forwarding to access a service bound to the target's localhost.

1. Initial Foothold: Web App to app User

1.1 Enumeration & Reconnaissance

Our process begins with a thorough nmap scan to map the target's attack surface.

Bash

# Scan all TCP ports, run default scripts (-sC), and enumerate service versions (-sV)
nmap -sC -sV -p- <TARGET_IP> -oN nmap_scan.txt

The scan reveals an OpenSSH server on port 22 and an Nginx web server on port 80. The website, "Artificial - AI Solutions," is a platform for uploading and running AI models. This type of functionality is a prime target for file upload and code execution vulnerabilities. Directory and Subdomain busting also came back empty. So we registered as a user and logged in.
An image to describe post

1.2 Exploiting TensorFlow Deserialization

The application explicitly states in requirements.txt it uses TensorFlow. This is a critical clue. TensorFlow's load_model() function can be vulnerable to remote code execution if it processes an untrusted model file. The vulnerability stems from the Lambda layer in TensorFlow's Keras API, which allows an arbitrary Python function to be embedded directly into the model's structure. When the model is loaded, this function is deserialized and executed.

Crafting the Malicious Payload:

#cybersecurity #exploitation #h5 #backrest #tensorflow