Delivery — HackTheBox Writeup

4 min readFeb 19, 2021

This is a practical Walkthrough of “Delivery” machine from HackTheBox. Although this machine is marked as easy level, but for me it was kinda intermediate level. Credit goes to ippsec for making this machine available to us and base points are 20 for this machine.

This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Enumeration

We will kick off this machine with nmap enumeration.

We got two open ports, HTTP and SSH. Let’s visit the site.

Check page source.

HTTP server port

From source and homepage we got hostname and virtual hostname (let’s add them to our /etc/hosts file), as well as another HTTP server running on port # 8065. There’s also a Message, “to get in touch with our team. Once you have an @delivery.htb email address, you’ll be able to have access to our server”.

My understanding is, we can able to access the HTTP server which is running on port 8065 if we have an email address with domain @delivery.htb

Let’s access helpdesk of the server.

We have to open a new ticket to get the delivery.htb email. Fill all the details and submit the ticket.

After submission, it gives you ticket number and email with same ticket number. Now we can use this email address to create new user on 8065 server.

Create new user and fill all the details.

It sends you an verification email to that given email address. Go back to helpdesk tab and check ticket status with details you got from it.

Visit the link and provide credentials of it and login.

Once you login, click on Internal.

We got credentials of a user, we can SSH into it. There’s also a message, where they need to stop using a variant of a said password, this password might not be in the “rockyou.txt” but if hash is retrieved then using custom hashcat rules it possible to crack.

Let’s login first using SSH.