Hack The Box: Blocky
Synopsis: Blocky was relatively simple with a nice easy route to user and root making for a great box to start off with. It is a good example of why should clean up your site post development and why red teaming can be so valuable as an assessment certainly would have caught the user password in the JAR file. I used the the official write up when I got stuck but I am happy with the amount of progress I was able to make with
Nmap was used to find what services were open on this host. In this case 21, 22, and 80 are open.
Blocky is a reference to minecraft so it wasn’t a surprise that I found a minecraft server.
I ran dirb against the web page to see what pages existed. http://10.10.10.37/plugins was of particular interest. I used second dirb to enumerate further locating the /files directory.
I downloaded and decompiled these files I was able to locate the root password in the BlockyCore.jar file!
Using these credentials I tired to log in as root over SSH but it unfortunately it didn’t work. Luckily I was able to find a username by looking at the only blog post. This was a place I got stuck and needed some help from the official write up.
From here I was able to elevate to root as notch is in the sudoers group and go and grab the user and root flags.
