Hack The Box: DevOops

Difficulty: Medium
Machine Creator: lokori
Tools Used: NMAP, Gobuster, Burp Suite, Python

Task: To find User.txt and Root.txt

Network Enumeration

Let’s start with an NMAP scan.

nmap -sS --min-rate 5000 --max-retries 1 -p-


The first thing I always try when NMAP cannot determine what is running on a port is to open it in a browser.


The webpage does not show any useful information, so let’s use gobuster to find any directories.

gobuster -u -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -t 40

XML External Entity (XXE)



Now that we have the structure of the XML, we can hopefully use it for some Local File Inclusion.

When we run the Python script, it returns a base64-encoded hash that we can use in our XXE.
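For the defender's side of the XXE step above: the upload endpoint should never hand user-supplied XML to a parser that honours DOCTYPE or entity declarations. The following is an added example, not code from the box or its author; the function name, the exception class and the two sample documents are constructed for illustration.

```python
"""Reject uploaded XML that carries a DOCTYPE or any entity declaration
before the application parses it (added example, constructed samples)."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when an upload declares a DOCTYPE or an entity."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse user-supplied XML, refusing anything that could drive XXE.

    Stage 1 walks the bytes with a bare expat parser that does nothing
    except record DOCTYPE and ENTITY declarations (it never fetches
    external resources).  Stage 2 parses the now plain markup normally.
    """
    findings = []
    scanner = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(f"DOCTYPE {name!r} (SYSTEM={sysid!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if sysid else "internal"
        findings.append(f"{kind} entity {name!r}")

    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.EntityDeclHandler = on_entity
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    if findings:
        # Log this: a DOCTYPE in an upload is a strong XXE indicator.
        raise UnsafeXML("rejected upload: " + "; ".join(findings))
    return ET.fromstring(data)


# Constructed sample uploads: a benign document and one with a DOCTYPE.
SAFE_DOC = b"<order><item>pen</item><qty>2</qty></order>"
DOCTYPE_DOC = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE order [<!ENTITY note "x">]>'
               b"<order>&note;</order>")

if __name__ == "__main__":
    print(parse_untrusted_xml(SAFE_DOC).find("item").text)
    try:
        parse_untrusted_xml(DOCTYPE_DOC)
    except UnsafeXML as err:
        print(err)
```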

Reverse shell

nc -lvnp 1337

python -c 'import pty; pty.spawn("/bin/sh")'


Privilege Escalation

When trying to find the original posting, I’m getting an error; we need to fix this shell.

I was able to find an ssh key for Roosa.

