HackTheBox - Valentine Writeup
Valentine is an easy Hack The Box Linux machine vulnerable to Heartbleed (CVE-2014-0160). Nmap reveals SSH, HTTP, and HTTPS services, with a clue to Heartbleed in the SSL cert. Exploiting the vulnerability leaks memory contents containing a base64-encoded passphrase. This decrypts an SSH private key, granting access as hype. Privilege escalation is achieved via an exposed tmux session, leading to root.
November 20, 2022 1 min read gobuster heartbleed CVE-2014-0160 tmux-session ssh-no-mutual-signature-supported