Fish.io — Hack

After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password:

sudo -u fish /bin/bash Switching to the fish user, we find that the user's home directory contains a config file with sensitive information:

http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges.

To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: hack fish.io

nmap -sV -p- 10.10.10.15 The scan reveals that ports 22 (SSH), 80 (HTTP), and 8080 (HTTP) are open. We can now focus on exploring these services further.

Hack The Box is a popular online platform that offers a variety of virtual machines (VMs) for cybersecurity enthusiasts to practice their hacking skills. One of the boxes available on the platform is Fish.io, a Linux-based VM that simulates a real-world hacking scenario. In this walkthrough, we'll explore the steps to compromise the Fish.io box and gain root access.

http://10.10.10.15/admin Indeed, we find a simple login form. After attempting some common credentials, we manage to log in using the username admin and password password123 . After exploring the file system, we discover that

sudo -l We can leverage this configuration to gain root access:

cat ~fish/config The file contains a password for the root user. We can now switch to the root user and gain full access to the system:

We create a PHP reverse shell using a tool like msfvenom : We can now focus on exploring these services further

You're interested in writing about Hack The Box's Fish.io, I presume?

su root