BountyHunter is a very simple Linux machine designed for beginners. In this walk-through we will be going understand how to gain user and root access of a machine.

The IP address assigned to me here is 10.10.11.100 but there could be a chance that you could get a different IP address.

Note: The walk-through is written for a retired machine and for accessing and solving this machine you need to have VIP access of HacktheBox.

Reconnaissance

In the initial reconnaissance, we started port scan for the machine. Here, we have used NMAP for port scanning.

nmap -vv — reason -Pn -T4 -sV -sC — version-all -A — osscan-guess -oN 10.10.11.100

Discovery and Scanning

22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.2

80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41

Enumeration

Start enumerating port 80, and we see there is a web application hosted running on Apache server.