
Hackthebox - Haze Machine - Writeup
User Flag Started by doing some nmap scans: sudo nmap -p- --min-rate=1000 -oN nmap.out haze.htb sudo nmap -p$ports -sC -sV -vv -oN nmap_scripts.out haze.htb In port 8000 we find a splunk service: And in port 8089 we can find the version of splunk: It appears that this version has a critical vulnerability: https://www.sonicwall.com/blog/critical-splunk-vulnerability-cve-2024-36991-patch-now-to-prevent-arbitrary-file-reads Let’s try to exploit it: https://github.com/bigb0x/CVE-2024-36991 python CVE-2024-36991.py -u http://haze.htb:8000 We are unable to crack the hashes, but we find 3 potencial users: edward,mark and paul....