This article provides a detailed walkthrough of exploiting the Expressway HackTheBox machine, focusing on IKE/IPSec reconnaissance, PSK cracking, SSH pivoting, and a hostname-based sudo bypass. It highlights key penetration testing techniques for network enumeration and privilege escalation. #IKE #PSKCracking
Key points
- Initial reconnaissance identified an IPSec VPN service running with a weak configuration.
- Capturing and cracking the IKE aggressive-mode handshake yielded the pre-shared key (PSK).
- SSH access was gained by using the cracked PSK, allowing further enumeration.
- An unusual sudo binary, together with internal hostname entries in the logs, pointed to a hostname-based sudo bypass vulnerability.
- Executing sudo with a specified hostname triggered a privilege escalation to root.