Executive Report

High-level summary for non-technical stakeholders, including risks and mitigation strategies.

Security Assessment Report: "Ignite" System

Purpose of the Assessment

This report provides an overview of the security assessment performed on the Titanic machine from HackTheBox. The objective of this assessment was to identify vulnerabilities in the system, exploit them to gain unauthorized access, and demonstrate the potential risks posed by these security weaknesses.


Key Findings

During the assessment, multiple vulnerabilities were identified that could allow an attacker to compromise the system:

  • Local File Inclusion (LFI) Vulnerability: The /download endpoint allowed access to sensitive system files by manipulating the ticket parameter.

  • Exposed Sensitive Information: Database credentials and other sensitive information were retrievable through the LFI exploit.

  • Weak Password Storage: Password hashes were obtained from the Gitea database, indicating poor credential management.

  • Vulnerable Third-Party Software: ImageMagick 7.1.1-35 was found to be vulnerable to arbitrary code execution (CVE-2024-41817).


Impact

If exploited in a real-world environment, these vulnerabilities could allow an attacker to:

  • Access sensitive system files, including /etc/passwd and Gitea database files.

  • Retrieve user credentials and escalate privileges through brute force or hash cracking.

  • Execute arbitrary code on the system, leading to full root control.

  • Compromise sensitive user and system data.

Attack Path Summary

  1. Reconnaissance: Discovered open ports 22 (SSH) and 80 (HTTP) using Nmap.

  2. Enumeration: Identified a vulnerable /download endpoint and found the dev.titanic.htb subdomain hosting Gitea.

  3. Exploitation: Utilized LFI to access sensitive files, including gitea.db.

  4. Privilege Escalation: Exploited a known vulnerability in ImageMagick (CVE-2024-41817) to achieve root access.


Recommendations

Short-Term Actions:

  • Sanitize input parameters to prevent LFI vulnerabilities.

  • Update ImageMagick to a secure version to mitigate arbitrary code execution risks.

  • Secure sensitive files and avoid storing credentials in plain text or easily accessible databases.
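
The first short-term action above, input sanitisation for the /download endpoint, is easier to act on with a concrete pattern in front of the development team. The following Python is an added illustration, not code from the Titanic machine or from this assessment: it shows the vulnerable shape the report describes (the ticket value joined straight onto a directory path) next to a hardened resolver that restricts the ticket to a plain filename and confirms the final path still lies inside the ticket directory. The function names, the ticket naming scheme and the sample ticket file are assumptions made for the example.

```python
"""
Added example (not the assessment's own code): a download handler's path
resolution, first in the vulnerable form, then hardened.
The helper names and the ".json" ticket naming scheme are assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

# Only ticket filenames of this shape are ever looked up (assumed scheme).
TICKET_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.json$")


class InvalidTicket(ValueError):
    """Raised when a ticket parameter is rejected by the hardened resolver."""


def resolve_ticket_unsafe(base_dir: str, ticket: str) -> str:
    """Vulnerable: the ticket value is joined to the directory with no checks,
    so '../' sequences walk out of base_dir (the LFI pattern in the report)."""
    return os.path.join(base_dir, ticket)


def is_valid_ticket_name(ticket: str) -> bool:
    """Allowlist check: letters, digits, '_' or '-' followed by '.json'."""
    return TICKET_NAME.fullmatch(ticket) is not None


def resolve_ticket_safe(base_dir: str, ticket: str) -> Path:
    """Hardened: reject anything that is not a plain ticket filename, then
    confirm the resolved path still lies directly inside base_dir.
    resolve() follows symlinks, so a symlinked ticket pointing elsewhere is
    caught here as well as '../' and absolute-path tricks."""
    if not is_valid_ticket_name(ticket):
        raise InvalidTicket("ticket must be a plain filename such as ab12.json")
    root = Path(base_dir).resolve()
    candidate = (root / ticket).resolve()
    if candidate.parent != root:
        raise InvalidTicket("resolved path escapes the ticket directory")
    if not candidate.is_file():
        raise InvalidTicket("no such ticket")
    return candidate


def read_ticket(base_dir: str, ticket: str) -> bytes:
    """What a hardened /download handler would return to the client."""
    return resolve_ticket_safe(base_dir, ticket).read_bytes()


def demo() -> dict:
    """Constructed scenario: one legitimate ticket file plus a traversal value,
    run against both resolvers. Returns the observations as a dict."""
    with tempfile.TemporaryDirectory() as tmp:
        tickets = Path(tmp) / "tickets"
        tickets.mkdir()
        (tickets / "ab12.json").write_text('{"passenger": "constructed"}')
        results = {}
        # Vulnerable resolver: the traversal value ends up outside the directory.
        escaped = os.path.realpath(resolve_ticket_unsafe(str(tickets), "../../etc/passwd"))
        results["unsafe_escapes"] = not escaped.startswith(str(tickets.resolve()) + os.sep)
        # Hardened resolver: the same value is rejected before any file access.
        try:
            resolve_ticket_safe(str(tickets), "../../etc/passwd")
            results["safe_blocks"] = False
        except InvalidTicket:
            results["safe_blocks"] = True
        # Legitimate tickets still work.
        results["legit"] = read_ticket(str(tickets), "ab12.json")
        return results


if __name__ == "__main__":
    print(demo())
```

The allowlist check does most of the work; the `candidate.parent != root` comparison is the defence in depth that still holds if the naming rule is later relaxed, because it is evaluated on the real filesystem path rather than on the string the client sent.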

Long-Term Actions:

  • Implement regular security assessments to detect vulnerabilities promptly.

  • Enforce strong password policies and monitor for credential leaks.

  • Apply the principle of least privilege to limit the impact of potential exploits.

  • Monitor and log system activity to detect and respond to anomalies in real time.
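
The last long-term action, monitoring and logging to catch anomalies, can be made concrete for the LFI finding in this report. The Python below is an added example written for this page, not tooling from the assessment: it scans web-server access log lines in the common combined-log shape and flags requests to /download whose ticket parameter contains a traversal sequence, including percent-encoded and double-encoded variants that a single decode would miss. The log lines are constructed samples, and the field layout and function names are assumptions.

```python
"""
Added example (not from the assessment): flag /download requests whose
ticket parameter looks like a path traversal attempt, from access log lines.
The sample log lines below are constructed; the log format is assumed to be
the common combined format.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def ticket_param(target: str):
    """Return the ticket query parameter of a request target, or None."""
    values = parse_qs(urlsplit(target).query).get("ticket")
    return values[0] if values else None


def decode_fully(value: str, rounds: int = 3) -> str:
    """Peel repeated percent-encoding (e.g. %252e%252e) so double-encoded
    traversal does not slip past a single-decode check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value: str) -> bool:
    """True if the decoded ticket value tries to leave the ticket directory."""
    v = decode_fully(value).replace("\\", "/")
    return ".." in v or v.startswith("/") or "\x00" in v


def scan(lines):
    """Return one finding per suspicious /download request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or urlsplit(m["target"]).path != "/download":
            continue
        ticket = ticket_param(m["target"])
        if ticket is not None and is_traversal(ticket):
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "ticket": decode_fully(ticket),
                "status": int(m["status"]),
            })
    return findings


# Constructed sample log lines: one benign download, two traversal attempts
# (plain and double-encoded), and an unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /download?ticket=ab12.json HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Mar/2025:12:00:07 +0000] "GET /download?ticket=../../../etc/passwd HTTP/1.1" 200 1809',
    '10.0.0.9 - - [10/Mar/2025:12:00:09 +0000] "GET /download?ticket=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1809',
    '10.0.0.7 - - [10/Mar/2025:12:00:11 +0000] "GET /index.html HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is the signal worth paging on: a rejected traversal attempt is noise, a successful one is the incident. In a real deployment the same check belongs in the web application firewall or the application's own request logging rather than in a batch scan, so the alert fires at request time.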


Conclusion

The Titanic assessment highlighted critical vulnerabilities that could lead to full system compromise due to poor input validation, outdated software, and weak credential management. Addressing these vulnerabilities through immediate patching, secure coding practices, and ongoing security assessments will significantly enhance the system's resilience and reduce the risk of exploitation.
