Hack The Box Moncton Meetup #6.
Forge from HTB is rated as medium difficulty and is meant to challenge a user's basic understanding of web exploits. Familiarity with the OWASP Top 10 is recommended, as the walkthrough requires working through various attacks and evaluating Python code to gain access to the root user. The skills required for this walkthrough include basic Linux enumeration, port scanning, Server-Side Request Forgery (SSRF) exploitation, and knowledge of using credentials in URLs. Tools required include nmap, gobuster/feroxbuster, and Burp or ZAP.
The walkthrough starts with an nmap scan to gather information about the target machine. The results show that FTP, SSH, and HTTP are open but the FTP port appears to be filtered. The next step is to focus on the web, but when accessing the web page, the user is redirected to a domain name page that cannot be found because it's not a real TLD. To resolve this, the user edits the /etc/hosts file to add the domain and IP address of the machine.
After accessing the web page, the user runs a directory buster to gather more information and discovers an interesting feature in the top-right corner of the page that opens an upload form. The user first uploads a file normally and successfully uploads a Hack The Box logo. They then try the upload-from-URL option and find that the form does make a request to their own server.
The next step is to evaluate the Python code on the back end to see if there are any vulnerabilities to exploit. The code is evaluated and an SSRF vulnerability is discovered, which is then exploited to gain access to the root user.