Chemistry HTB Machine

This project aimed to exploit the Chemistry machine on HTB, an easy-difficulty challenge, and obtain both the user flag and the root flag. The team conducted reconnaissance using Nmap and discovered open ports, with port 5000 leading to a CIF Analyzer web app.

Through analysis, they exploited the CIF file vulnerability CVE-2024-23346 to establish a reverse shell. Further enumeration revealed user credentials stored in a database, which were cracked and used to gain SSH access and obtain the user flag. For privilege escalation, LinPEAS was used to find a path traversal vulnerability (CVE-2024-23334), which allowed access to the root.txt file.

The goal was to demonstrate skills in exploitation, network scanning, and privilege escalation.

Tools Used

Nmap, Python, LinPEAS, Netcat
