Hack The Box: Valentine


Difficulty: Easy

Machine Creator: mrb3n

Tools Used: NMAP, Gobuster, Python

Network Enumeration

Let's start with a quick NMAP scan to discover open ports.

nmap -sS --min-rate 5000 --max-retries 1 -p- 10.10.10.79

Web Directory Enumeration

Let's use Gobuster to search for directories.


HTTP Enumeration



If we browse the directories from the Gobuster scan, we can see a couple of files in the dev directory.






ls /usr/share/nmap/scripts/ | grep "ssl"


nmap --script=ssl-heartbleed -p 443 10.10.10.79

If we look back at the image on the website, it hints at the vulnerability.

Exploitation

There is a Metasploit module for Heartbleed, but let's do this exploit manually. We can download a Python script from GitHub that will exploit Heartbleed.

https://gist.githubusercontent.com/eelsivart/10174134/raw/8aea10b2f0f6842ccff97ee921a836cf05cd7530/heartbleed.py



User.txt


We can read user.txt as user hype.

Privilege escalation


tmux -S /.devs/dev_sess

Connecting to the root tmux session, we now have a root terminal.

Root.txt