Overview

The machine starts by vhost enumeration that discovers an Apache NiFi instance vulnerable to CVE-2023-34468, exploiting it to get a shell and find a leaked SSH key to login as operator, on the desktop we find a PDF describing a SCADA system with an OPC UA server exposed locally so we enumerate the nodes, manipulate CalibrationOffset to push temperature into the maintenance window while keeping TestOverride active to unlock a root console and get shell as root

Enumeration

we start with our usual nmap scan

shell

nmap -sC -sV -vv -oA init ...

HTB: Helix

Overview

Enumeration

`Share`

`Subscribe to the newsletter`