Hackthebox Academy Walkthrough Web Requests

Scott Simon

3 min read

·

12-01-2025

1

0

Share

This walkthrough details the "Web Requests" machine within the HackTheBox Academy platform. This machine focuses on fundamental web exploitation techniques, providing a great entry point for beginners. We'll cover the key steps involved in compromising the system, emphasizing the importance of understanding HTTP requests and responses.

Reconnaissance

The first step, as always, is reconnaissance. We begin by firing up our favorite tools, such as nmap for port scanning. A quick nmap -sV <target IP> reveals a single open port: port 80, hosting an Apache web server. Let's navigate to the target IP in our web browser.

We're presented with a simple website featuring a login form. This immediately suggests a potential vulnerability involving authentication bypass or injection. Further inspection of the source code reveals nothing immediately obvious, but the presence of the login form itself is our key focus.

Exploitation

The core challenge lies in understanding how the website handles HTTP requests. Using tools like Burp Suite, we can intercept and modify these requests. Specifically, we can look at parameters being passed to the server during login attempts. Manually testing with common usernames and passwords (admin/password, etc.) yields no immediate results.

Let's analyze the login process using Burp Suite's proxy. We can see that the login form submits a POST request containing username and password parameters. By altering these parameters or attempting various injection techniques, we can test for vulnerabilities. Here is where a methodical approach is crucial.

SQL Injection Attempt:

A common tactic would be to attempt SQL injection. For instance, we might try appending a single quote to the username field (e.g., ' OR '1'='1'). If the application is vulnerable to SQL injection, this query should bypass authentication, as it would force the database to return true. However, this machine does not appear to be vulnerable to basic SQL injection.

Brute Force Consideration:

While brute-forcing credentials is generally discouraged against systems you don't have explicit permission to test, we can consider a controlled brute-force approach using a wordlist specifically tailored for common usernames and passwords within the context of the problem provided by the machine. However, a successful brute-force attack would depend on weak credentials used by the application. This approach should be considered as a last resort.

Identifying the Vulnerability:

After rigorous testing, the successful exploit path most likely will involve a different approach. The key lies in carefully examining the HTTP responses after each attempted login. The server may reveal clues within the responses themselves or exhibit slightly differing behavior depending on the success or failure of an action. Analyzing the returned HTTP headers and error messages is a crucial step in finding the vulnerability. Pay close attention to the response codes (200 OK, 401 Unauthorized, 500 Internal Server Error, etc.) as they provide critical information.

Privilege Escalation

Once we have successfully logged in, we'll have gained access to the user account. The next step involves privilege escalation. This commonly involves looking for misconfigured files, weak passwords, or exploitable vulnerabilities within the system's files and applications. Standard Linux privilege escalation techniques should be employed. These would involve reviewing the user's sudoers file (/etc/sudoers), checking for world-writable files, and exploring any unusual processes or daemons running on the system.

Conclusion

The "Web Requests" machine on HackTheBox Academy is an excellent exercise to learn about basic web exploitation techniques. It emphasizes the importance of understanding HTTP requests and responses, careful observation of server behavior, and the systematic approach to vulnerability discovery. By combining manual testing with the right tools, even a beginner can learn to successfully compromise this system. Remember always to gain explicit permission before attempting to test any system for vulnerabilities.