NexusSeven
24th May 2025
Difficulty: Easy
Prepared By: Unknown
Challenge Author(s): leanthedev
Successfully Pwned NexusSeven
nquangit has successfully completed and pwned this challenge on Hack The Box.
CHALLENGE DESCRIPTION
Our agents have given you access to a compromised Nexus Seven panel instance from the opposition group, your goal is to extract hidden info from the system running the spying software.
SOLUTION
Overview
After downloading the challenge’s source code, we find that it’s a fairly straightforward web service implemented in C. The codebase is minimalistic, featuring basic request‐handling routines and very few external dependencies, which makes it easy to trace and analyze each functionality in detail.
After a bit of analysis, we can summarize the source code as follows:
First, the server initializes the connection and reads and parses the incoming request. It then performs a few cleanup and extraction steps—URL decoding, extracting the file extension, determining the MIME type, parsing headers, and sanitizing the file path to prevent path‑traversal attacks.
Once those preparations are complete, the server creates a temporary directory and a file to store request stats (method, route, HTTP version, headers, etc.).
Finally, it checks whether the file extension is allowed or if the path contains “..”. If either check fails, the request is blocked; otherwise, the server reads and returns the requested file’s contents.
At the end of the request, the server cleans up by deleting the temporary directory and file.
❌ This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox’s policy on publishing content from their platform.
For more hints and assistance, come chat with me and the rest of your peers in the HackTheBox Discord server.
Leave a comment