
hardening

HTB module link: https://academy.hackthebox.com/module/51/section/479

Update and patching

  • Update the Linux kernel and apply distribution security patches regularly.

Configuration management

  • Audit writable files and directories and any binaries set with the SUID bit.

  • Ensure that any cron jobs and sudo privileges specify any binaries using the absolute path.

  • Do not store credentials in cleartext in world-readable files.

  • Clean up home directories and bash history.

  • Ensure that low-privileged users cannot modify any custom libraries called by programs.

  • Remove any unnecessary packages and services that potentially increase the attack surface.

  • Consider implementing SELinux, which provides additional access controls on the system.
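A small audit script for the first three items of this checklist (world-writable paths, SUID/SGID binaries, cron commands without an absolute path). It is an added example, not part of the HTB module; it assumes a POSIX sh with `find` and `awk`, and builds a constructed sample tree so it runs offline.

```shell
#!/bin/sh
# Added hardening audit helpers (not from the HTB module). Each function takes
# a root directory or crontab file, so it can be run against / on a real host
# or against the constructed sample tree below.

# World-writable files and directories, excluding sticky-bit dirs like /tmp.
audit_world_writable() {
  find "$1" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000 2>/dev/null
}

# SUID/SGID binaries: the set every privilege escalation audit starts from.
audit_setid() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Cron entries whose command does not start with an absolute path.
# $1 = crontab file; $2 = field where the command starts: 6 for user crontabs,
# 7 for /etc/crontab and /etc/cron.d, which add a user column. @reboot-style
# lines replace the five time fields with one keyword, so the command shifts by 4.
audit_cron_relative() {
  awk -v f="${2:-6}" '
    NF == 0 || $1 ~ /^#/ || $1 ~ /^[A-Za-z_]+=/ { next }   # blank, comment, VAR=
    { c = ($1 ~ /^@/) ? f - 4 : f; if ($c !~ /^\//) print }
  ' "$1"
}

# Constructed sample tree (hypothetical files, not a real system) for the demo.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/usr/bin" "$d/opt/app" "$d/tmp"
  printf '#!/bin/sh\n' > "$d/usr/bin/passwd";     chmod 4755 "$d/usr/bin/passwd"     # SUID, expected
  printf '#!/bin/sh\n' > "$d/opt/app/backup.sh";  chmod 4777 "$d/opt/app/backup.sh"  # SUID + world-writable: bad
  chmod 1777 "$d/tmp"                                                                 # sticky: skipped
  printf '# constructed user crontab\nPATH=/usr/bin\n*/5 * * * * /usr/bin/true\n0 2 * * * backup.sh\n@reboot cleanup.sh\n' > "$d/crontab"
  echo "$d"
}

# Demo on the constructed tree; use / and the real crontab files on a host.
root=$(make_sample_tree)
echo "== SUID/SGID binaries under $root";          audit_setid "$root"
echo "== world-writable (non-sticky) under $root"; audit_world_writable "$root"
echo "== cron commands without an absolute path";  audit_cron_relative "$root/crontab"
rm -rf "$root"
```

On a real host the world-writable and set-id lists should be reviewed against the package manager's expected file modes; anything outside that baseline is a finding.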

User management

Configuration management automation tools

Audit

Approach

  1. sudo -l

  2. sudo -V (version)

  3. Look for SUID and SGID binaries

  4. Look for .bash_history or .config files

  5. Check the /etc/passwd and /etc/shadow files

  6. Look for .ssh keys

  7. Look for apache2 or mysql, wordpress, or other service config/database files

  8. Kernel exploits

Learning:

  1. If you find a locally running web service whose web server directory is RWX by you, you can place a .php or .py file in that directory and access it through the web server to get a reverse shell.

  2. If an internal web server directory is RWX by you, check the technologies used by the web application (use DevTools to inspect the tech stack) and exploit it if it is vulnerable to any CVE.
