How I Hacked a Hack The Box Machine “Jarvis” Using White Rabbit Neo AI?

by FOUNDER
September 17, 2024

In this article, we will delve into how to leverage advanced AI tools for ethical hacking and penetration testing. Specifically, we’ll explore the step-by-step process of hacking the Hack The Box machine, “Jarvis,” using a specialized AI model called White Rabbit Neo AI.

Please note that all the activities discussed here are performed in a controlled lab environment for educational purposes only.

Table of Contents

  1. Introduction to White Rabbit Neo AI
  2. Understanding the Hack The Box Environment
  3. Step 1: Initial Reconnaissance with Nmap
  4. Step 2: Exploring Port 80 and the Web Application
  5. Step 3: Directory Brute Force Attack
  6. Step 4: Detecting SQL Injection Vulnerabilities
  7. Step 5: Automating SQL Injection with SQLMap
  8. Step 6: Enumerating the Database
  9. Step 7: Exploiting Vulnerabilities in PHPMyAdmin
  10. Step 8: Achieving Remote Code Execution and Reverse Shell
  11. Key Takeaways and Conclusion

1. Introduction to White Rabbit Neo AI

White Rabbit Neo AI is an AI tool built on top of the Llama language model, specifically trained to assist with hacking, penetration testing, and cybersecurity-related tasks. Unlike general-purpose AI models like ChatGPT, White Rabbit Neo AI is designed to provide guidance without any censorship, making it ideal for ethical hackers and cybersecurity professionals.

 

 

This AI model allows you to ask questions related to penetration testing, and it provides actionable answers and command examples. Throughout this guide, we will use White Rabbit Neo AI as our “co-pilot” to hack the Hack The Box machine “Jarvis.”

2. Understanding the Hack The Box Environment

Hack The Box (HTB) is an online platform that offers a variety of machines and challenges for ethical hackers to practice their skills. In this tutorial, we’re focusing on the machine named “Jarvis.” HTB is a controlled environment, and the hacking of these machines is purely for educational and testing purposes.

3. Step 1: Initial Reconnaissance with Nmap

To begin hacking “Jarvis,” we first perform an initial reconnaissance to gather information about the target. The AI suggested using Nmap, a popular network scanning tool. Here’s the command provided by White Rabbit Neo AI:

Explanation:

  • -p-: Scans all ports.
  • -sV: Detects the version of the services running on the open ports.
  • -sC: Runs default scripts against the discovered services.

The Nmap scan results revealed three open ports:

  • 22/tcp – SSH
  • 80/tcp – HTTP
  • 64999/tcp – Unknown Service

4. Step 2: Exploring Port 80 and the Web Application

After discovering the open ports, we decided to investigate the HTTP service on port 80. Visiting the IP address in a web browser, we discovered a hotel booking system named “Stark Hotel.” White Rabbit Neo AI suggested inspecting the website’s functionalities and looking for any potential vulnerabilities.

Interestingly, the AI already had some knowledge of the target environment. This is because White Rabbit Neo AI has been trained on publicly available data from various walkthroughs on the internet.

5. Step 3: Directory Brute Force Attack

To find hidden directories and files on the web server, White Rabbit Neo AI recommended running a directory brute force attack using a tool like Gobuster. The AI provided the following command:

We ran the Gobuster command and started exploring the website manually.

Here are the results we got from Gobuster.

6. Step 4: Detecting SQL Injection Vulnerabilities

During the manual exploration, we noticed a parameter in the URL (room.php?cod=3) when clicking the “Book Now” button. This URL structure suggested a potential SQL Injection vulnerability since it appeared to retrieve data based on a room ID.

Using Firefox Developer Tools, we inspected the network requests and noticed that altering the cod parameter changed the retrieved data. This indicated a possible vulnerability in the parameter that could be exploited.
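Why a numeric parameter such as cod becomes injectable, and what the fix looks like, shown as an added example that is not code from the target application. The table, column names and sample rows are constructed, and SQLite stands in for the real backend so the block runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the booking site's room table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE room (cod INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    db.executemany("INSERT INTO room VALUES (?, ?, ?)",
                   [(1, "Standard", 90), (2, "Deluxe", 150), (3, "Suite", 270)])
    return db

def room_vulnerable(db, cod):
    # The raw request value is pasted into the SQL text, so the database
    # parses it as SQL instead of treating it as data.
    sql = "SELECT cod, name, price FROM room WHERE cod = " + cod
    return db.execute(sql).fetchall()

def room_hardened(db, cod):
    # 1) Validate: a room id is a short run of ASCII digits, nothing else.
    if not (cod.isascii() and cod.isdigit() and len(cod) <= 9):
        raise ValueError("cod must be a positive integer")
    # 2) Bind: the value travels separately from the SQL text.
    sql = "SELECT cod, name, price FROM room WHERE cod = ?"
    return db.execute(sql, (int(cod),)).fetchall()

def demo():
    db = make_db()
    tampered = "3 OR 1=1"  # constructed test value: extra SQL after the id
    out = {
        "vulnerable_normal": room_vulnerable(db, "3"),
        "vulnerable_tampered": room_vulnerable(db, tampered),
        "hardened_normal": room_hardened(db, "3"),
    }
    try:
        room_hardened(db, tampered)
        out["hardened_tampered"] = "accepted"
    except ValueError:
        out["hardened_tampered"] = "rejected"
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same two steps apply in PHP: cast or validate the id, then pass it through a prepared statement instead of string concatenation.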

7. Step 5: Automating SQL Injection with SQLMap

Here is the question we asked White Rabbit Neo AI:

White Rabbit Neo AI confirmed the possibility of an SQL Injection vulnerability and suggested using SQLMap, a powerful tool for automating the detection and exploitation of SQL injection flaws. The AI provided the following command:

SQLMap quickly identified the cod parameter as vulnerable to SQL injection, revealing that the backend DBMS was MySQL.
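Automated testing of the cod parameter leaves a clear trail in the web server's access log. The following added example (not part of the original walkthrough) shows detection logic for it; the log lines, client addresses and tool version string are constructed, and the Apache combined log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the lab).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Sep/2024:10:00:01 +0000] "GET /room.php?cod=3 HTTP/1.1" 200 6204 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
10.0.0.9 - - [17/Sep/2024:10:02:11 +0000] "GET /room.php?cod=3%20AND%205519%3D5519 HTTP/1.1" 200 6204 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
10.0.0.9 - - [17/Sep/2024:10:02:12 +0000] "GET /room.php?cod=3%20AND%205519%3D7042 HTTP/1.1" 200 5916 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
10.0.0.7 - - [17/Sep/2024:10:05:40 +0000] "GET /room.php?cod=2%27 HTTP/1.1" 200 5916 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)

def findings(log_text, page="/room.php", param="cod"):
    """Return {client_ip: sorted list of reasons} for suspicious requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, _method, target, _status, agent = m.groups()
        url = urlsplit(target)
        if url.path != page:
            continue
        # parse_qs URL-decodes values, so %20 and %27 are seen as ' ' and "'".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not value.isdigit():
                hits[ip].add("non-numeric " + param)
        # The default tool User-Agent is easy to change, so treat it as a
        # bonus signal rather than the only check.
        if "sqlmap" in agent.lower():
            hits[ip].add("sqlmap user-agent")
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in findings(SAMPLE_LOG).items():
        print(ip, reasons)
```

The non-numeric check is the durable signal here: a room id never legitimately contains spaces, quotes or operators, whatever client sends it.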

The AI then guided us on how to enumerate the database and extract useful information.

We sent this response back to the AI and asked:

Here’s the command provided by White Rabbit Neo AI:

 

8. Step 6: Enumerating the Database

Following the AI’s instructions, we used SQLMap to enumerate the available databases. We discovered the following databases:

  • hotel
  • information_schema
  • MySQL
  • performance_schema

We got the database name and, following the AI's guidance, successfully dumped the database.

The MySQL database contained a table named user with potential user credentials. Dumping this table revealed a password hash for the username DB admin, which SQLMap cracked, revealing the password as imissyou.
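A dumped hash falls this quickly when it is unsalted and the password is a common word. The added example below (not from the original article) is a password audit that assumes the hash is in MySQL's mysql_native_password format; the account names and all hashes are constructed in the code, not taken from the lab.

```python
import hashlib

def mysql_native_hash(password):
    """'*' + uppercase hex of SHA1(SHA1(password)); the scheme has no salt."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def weak_accounts(accounts, banned_passwords):
    """Return the sorted user names whose stored hash equals the hash of a
    banned password. `accounts` maps user name -> stored hash string."""
    # One precomputed set covers every account because there is no salt.
    banned = {mysql_native_hash(p) for p in banned_passwords}
    return sorted(u for u, h in accounts.items() if h.upper() in banned)

# Constructed sample data: hashes are generated here, not taken from the lab.
BANNED = ["123456", "password", "imissyou", "qwerty"]
ACCOUNTS = {
    "db_admin": mysql_native_hash("imissyou"),            # dictionary word
    "reporting": mysql_native_hash("imissyou"),           # same password, same hash
    "backup": mysql_native_hash("t7#Lq!29vXw_rM4zPd0e"),  # long random value
}

if __name__ == "__main__":
    print(weak_accounts(ACCOUNTS, BANNED))
```

Running such an audit against your own mysql.user table, and moving accounts to the salted caching_sha2_password plugin with long random passwords, removes the shortcut the walkthrough relied on.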

9. Step 7: Exploiting Vulnerabilities in PHPMyAdmin

Armed with the credentials (admin and imissyou), we logged into the PHPMyAdmin portal discovered earlier. The portal was running PHPMyAdmin version 4.8.0, which is known to have a Remote Code Execution (RCE) vulnerability.

10. Step 8: Achieving Remote Code Execution and Reverse Shell

We executed the RCE exploit, successfully gaining the ability to run remote commands. The AI then provided a bash reverse shell payload that we used to establish a reverse shell connection to our machine. After starting a Netcat listener, we executed the payload, and Hooooooray, we gained access as the user www-data on the target machine.

11. Key Takeaways and Conclusion

Using AI models like White Rabbit Neo AI for ethical hacking is a game-changer. This AI tool provides step-by-step guidance for various hacking tasks, streamlining the process and saving valuable time for penetration testers. While AI-assisted hacking poses risks if misused, it offers immense benefits for cybersecurity professionals by enhancing efficiency and effectiveness.

 

 
