Following is the HackTheBox Beep machine’s walkthrough.
Vulnerability Exploited: Elastix 2.2.0 — ‘graph.php’ Local File Inclusion
Steps:
Nmap port scan:
Command: nmap -Pn -p- -sV --reason 10.10.10.7
Upon accessing Web-server, it appears to run Elastix service.
After searching for exploits for Elastix we can see there a lot of exploits available. Let’s try Local File Inclusion exploit.
Use exploit command specified in the comment of exploit code.
Copy all the content from web-page to a local text file.
After formating the page by replacing all ‘#’ with ‘\n#’ we get the file content as follows.
There are a few passwords stored in this file. Let’s use the above-highlighted password string and try to SSH into the system.
We successfully login as root.
