Week 3 HTB Report bike

Report by Rowen
 Table of Contents
Pen Test: bike
Intro and Objective
Introduction
Objective
Report – high level summary
High level summary
Recommendations
Report – Methodologies
 Introduction and Objective
Introduction
This document provides comprehensive and detailed documentation
outlining the steps taken to penetrate the security and resilience of the target known
as "bike." Throughout this guide, we will cover various measures and best
practices aimed at fortifying the machine against potential vulnerabilities and
security threats.
Objective
The objective of the penetration test is to discover and exploit vulnerabilities
in the machine with the main target being to gain access to machine and gain
administrator privileges. However, this is not for malicious purpose as the scope of
this test is to demonstrate the process used in a concise manner while also
explaining any steps or best practices to be taken to patch or monitor the associated
vulnerabilities to secure the target machine.
 Report: High level summery

Summery
I was tasked with performing the Pen test against the target on the HTB
network. The test serves as a simulated attack against this specific machine.
Initially I scanned the machine to see what ports were open and what was running.
After scanning the is a node.js running that is vulnerable to a server side template
injection. from the error one can capture the request and then resubmit the payload
again and then connect to tehj target after it executs the code. This gaisn access to
the target but not root access which can be gained by changing the template that is
injected to modify the payload executed to give root access
Recommendations
I would shut down the machine if not needed or remove the ssi application
of the website so that it is not a gaping hole in security.
 Report – Methodologies
First we scan the target

https://medium.com/@exoticspices/htb-bike-walkthrough-very-easy-e17087ed0c54

(for reference)