Hack the Box (HTB) machines walkthrough series — Teacher
Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumeration plus a pentest) to log in to the platform and download the VPN pack to connect to the machines hosted on the HTB platform.
Note: Only write-ups of retired HTB machines are allowed. The machine in this article, named Teacher, is retired.
Learn ICS/SCADA Security Fundamentals
Let’s start with this machine.
- Download the VPN pack for the individual user and use the guidelines to log in to the HTB VPN
- The “Teacher” machine IP is 10.10.10.153
- Utilize the usual methodology of performing penetration testing. Let’s start with enumeration to gain as much information for the machine as possible
- Begin with the nmap scan to gather more information around the services running on this machine [CLICK IMAGES TO ENLARGE]
<<nmap -sC -sV -oA Teacher 10.10.10.153>>
- Let’s enumerate the ports discovered above. Below is the home page for port 80
- In enumerating the pages and their source, we find that image 5.png is different
- Downloading the image and opening it reveals the following text
- It looks like Giovanni is a user and there is a password as well without the last letter. But where to log in? Let’s go back to enumeration
- Browsing directories reveals the following interesting information
- Checking into “moodle” reveals the following page
- And below is a login page to the moodle platform
- Since we have the login page, we can utilize the earlier discovered information to brute force the ID. After successful bruteforcing, # was a character missing in the password
- After a bit of searching, I was able to find an exploit for moodle. Follow it to gain access to the system
- Under the course, algebra, add a new quiz
- Edit the quiz and add a question type. In this case, the type is calculated
- Under the formula, add the shell to get command from the URL as shown below
- Save and move to the next page. The below page appears
- Move forward and the vulnerable page appears
- Note the above cmd added to the URL, which spawned the reverse shell
- Elevate the shell as shown above and enumerate to find the below file
- We get the creds for the db. Use that to enter the db to see the databases below
- Under moodle DB, there are a lot of tables. Under the tables, we get mdl_user, which has the passwords
- Password was then cracked using an online portal
- Use the recovered password to escalate to giovanni
- Enumerate it to collect the user.txt file
- After enumeration, you will find a backup.sh file. Contents are below
- Below, ownership of files can be seen
- Symlink the root file onto tmp folder
- Move to the file to grab root.txt file
Learn ICS/SCADA Security Fundamentals
The moodle exploit takes some time to understand and execute. The path to root was based on enumeration of backup.sh.
Stay tuned for more in this series.
Learn Threat Modeling
Get hands-on experience identifying security weaknesses in software design and architecture. What you'll learn:- Threat modeling basics
- Core security frameworks
- Elements of a threat model
- Agile architecture
- And more
In this series
- Hack the Box (HTB) machines walkthrough series — Teacher
- CompTIA CySA+ Salary: What to expect in 2025
- How to become a cybercrime investigator
- CEH version comparison: V12 to V13 evolution guide
- SecurityX (CASP+) certification: Overview and career path [2025 update]
- Network+ certification: Overview and career path [2025 update]
- ISC2 CSSLP certification overview: What you need to know
- ISC2 CGRC: Overview & career path
- CRISC certification: Overview & career path [updated 2021]
- PMP certification: Overview and career path [updated 2021]
- ISACA CDPSE certification: Overview of the new ISACA privacy certification
- CGEIT certification: Overview and career path [updated 2021]
- What is a cyber range?
- Microsoft azure certification: Overview And career path
- CEH salary guide: What Certified Ethical Hackers really earn
- Average SecurityX (CASP+) salary [2025 update]
- CompTIA Network+ certification — A 2025 salary analysis
- CompTIA CySA+ exam (CSO-003): Your guide
- CCSP salary: How much can you make as a cloud security professional?
- Average Security+ salary (2025): Your guide to a prosperous cybersecurity career
- Average CGRC (Certified in Governance, Risk and Compliance) salary
- CRISC Frequently Asked Questions (FAQ) [updated 2022]
- Average CSSLP Salary in 2021
- ISACA CDPSE exam details and process
- How To Become CGEIT Certified – Certification Requirements [updated 2021]
- How to pick the best cyber range for your cybersecurity training needs and budget
- CEH exam eligibility: Application process & requirements guide
- SecurityX (CASP+) frequently asked questions (FAQ) [2025 update]
- CISSP domains overview: Your complete preparation guide
- CCSP exam and CBK changes in August 2024
- Comprehensive guide to CompTIA Security+ domains (2025)
- Average CRISC Salary [2023 update]
- CGRC certification job titles and career outlook
- ISC2 CSSLP exam details and process
- ISACA CDPSE certification exam: Overview of domains
- An Introduction to the PMP: Exam Details and Process [updated 2021]
- CGEIT certification exam: overview of domains [Updated 2021]
- 10 Success Tips: How to Pass Your Certified Ethical Hacker (CEH) Exam
- Network+: Exam details and process [2025 update]
- SecurityX (CASP+): Exam details and process [2025 update]
- How to become CCSP certified: Certification requirements
- Certified in Risk & Information Systems Control (CRISC) Exam Overview [updated 2022]
- ISC2 CGRC exam details and process
- Best CSSLP study resources and training materials
- ISACA CDPSE domain 1: Privacy governance
- 10 Tips for PMP Certification Exam Success [updated 2021]
- CGEIT certification exam details and process [updated 2021]
- Certified Ethical Hacker (CEH) study guides & resources [updated 2025]
- CompTIA SecurityX resources: Videos, books, tests and more!
- How to get the CompTIA Network+ certification: Requirements and step-by-step instructions [2025 update]
- CySA+ exam objectives: The 4 domains that will be covered
Unlock pricing and see how Infosec IQ can help you empower employees with 2,000+ security awareness resources to:
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
CompTIA CySA+
Discover the latest salary trends for CompTIA CySA+ certified professionals in 2024. Learn what factors influence your earning potential in the cybersecurity field.
Cybercrime investigator
Cybercrime has hit record levels, with an expected $7 trillion USD to be made from cybercriminal activity by 2021. Investigating these sorts of crimes can be
EC-Council CEH
CEH v13 is the world's first AI-powered ethical hacking certification. Discover what's new, how it compares to v12/v11 and why it's a career game-changer.
CompTIA SecurityX
Explore the expert-level CompTIA SecurityX certification, what to expect on the exam, the career benefits and more.
