THM — Opacity

Opacity is a Boot2Root made for pentesters and cybersecurity enthusiasts. There are several ways to perform an action; always analyze the behavior of the application.

Photo by Daniel Schludi on Unsplash

Opacity is an easy machine that can help you in the penetration testing learning process.

There are 2 hash keys located on the machine (user — local.txt and root — proof.txt). Can you find them and become root?

💡 Hint: There are several ways to perform an action; always analyze the behavior of the application.

We start by adding the given IP to the /etc/hosts file in case there are any DNS issues down the line. Next, we go directly into an Nmap scan to see if there are any open ports.

root@ip-10-10-226-222:~# nmap -sT -sV -sC -p- opacity.thm

Starting Nmap 7.60 ( <https://nmap.org> ) at 2024-01-16 13:14 GMT
Nmap scan report for opacity.thm (10.10.18.86)
Host is up (0.0037s latency).
Not shown: 65531 closed ports
PORT    STATE SERVICE       VERSION
22/tcp  open  ssh           OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp  open  http          Apache httpd 2.4.41 ((Ubuntu))
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-title: Login
|_Requested resource was login.php
139/tcp open  netbios-ssn?
| fingerprint-strings: 
|   SMBProgNeg: 
|_    SMBr
445/tcp open  microsoft-ds?
| fingerprint-strings: 
|   SMBProgNeg: 
|_    SMBr
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at <https://nmap.org/cgi-bin/submit.cgi?new-service> :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port139-TCP:V=7.60%I=7%D=1/16%Time=65A6814B%P=x86_64-pc-linux-gnu%r(SMB
SF:ProgNeg,29,"\\0\\0\\0%\\xffSMBr\\0\\0\\0\\0\\x88\\x03@\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\
SF:0@\\x06\\0\\0\\x01\\0\\x01\\xff\\xff\\0\\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port445-TCP:V=7.60%I=7%D=1/16%Time=65A68146%P=x86_64-pc-linux-gnu%r(SMB
SF:ProgNeg,29,"\\0\\0\\0%\\xffSMBr\\0\\0\\0\\0\\x88\\x03@\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\
SF:0@\\x06\\0\\0\\x01\\0\\x01\\xff\\xff\\0\\0");
MAC Address: 02:CA:B6:16:9D:5B (Unknown)
Service Info: OS: Linux; CPE…