A straightforward easy box on Hackthebox by enumerating wordpress site. Reversing a jar file and misconfiguration on sudo. As usual you should start on scanning the target.
Do your usual content enumeration in this case I use gobuster*. I notice that the webserver is running wordpress site.
Run a wpscan* scan, try to enumerate everything. The following is an interesting finding that will be relevant to next exploitation process which is username notch.
Exploring the result of content enumerations we found multiple unusual plugins with jar extension.
Reversing jar files using jadx-gui* we found some interesting strings.
Credential Found: notch:8YsqfCTnvxAUeduziJNSXe22
Use the credential to access shell via SSH. Funnily enough the server is misconfigured to allow NO PASSWORD sudo* as Notch. Free root boys.
