Hack The Box: Machine
Explore
Release Date: June 26th, 2021
OS: Android
Category: Mobile
Difficulty: Easy
Created by: bertolis
Link: https://app.hackthebox.com/machines/Explore
Soundtrack: KING OF THE MISCHIEVOUS SOUTH — Denzel Curry
Summary
In this write-up, I walk through the exploitation of “Explore”, an Android-based Hack The Box machine. My initial Nmap scan revealed several open ports, including 2222 (SSH), 42135 (HTTP — ES File Explorer), and 59777 (HTTP — Bukkit JSONAPI). Notably, ES File Explorer — a known vulnerable application — was running on an unexpected port. Leveraging SearchSploit, I identified and executed an exploit for CVE-2019-6447, which allowed me to enumerate files and retrieve sensitive information. Using this foothold, I escalated privileges, explored stored credentials, and ultimately gained root access, successfully capturing both the user and root flags.
Enumeration
Nmap scan
nmap -Pn -sC -sV -O -T4 -p- -oA explore 10.10.10.247
Output
Starting Nmap 7.95 ( https://nmap.org ) at…