Explosion Walkthrough | HackTheBox

We’re a hub for tech professionals looking to advance & optimize their IT Infrastructure by finding the perfect product, tool, or role. Learn more about us. If you don’t see a product you are looking for on our website you can send us feedback 🙂

CarlosRecruits Icon

This is a simple walkthrough for completing the Explosion target machine in Hackthebox.com.

Task 1

Question: What does the 3-letter acronym RDP stand for?

Answer: Remote Desktop Protocol

Task 2

Question: What is a 3-letter acronym that refers to interaction with the host through a command line interface?

Answer: CLI

Task 3

Question: What about graphical user interface interactions?

Answer: GUI

Task 4

Question: What is the name of an old remote access tool that came without encryption by default?

Answer: Telnet

Task 5

Question: What is the concept used to verify the identity of the remote host with SSH connections?

Answer: Public-Key Cryptography

Task 6

Question: What is the name of the tool that we can use to initiate a desktop projection to our host using the terminal?

Answer: xfreerdp

Task 7

Question: What is the name of the service running on port 3389 TCP?

Answer: ms-wbt-server

Task 8

Question: What is the switch used to specify the target host’s IP address when using xfreerdp?

Answer: /v:

$man xfreerdp

Task 9

Submit Flag

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, which provides a user with a GUI to connect to another computer via a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Specifically for this box we see ms-wbt-server. Ms-wbt-server is a common name for a protocol that is used by Windows Remote Desktop and uses the well known TCP port 3389. This is similar to the http protocol that is commonly used by web browsers.

We can use xfreerdp to connect to the target. Make sure you have the required software installed. This can be accomplished by the following command:

sudo apt install freerdp2-x11

Next, we can connect by using the following command:

xfreerdp /v:

You will be prompted to enter Y to proceed with accepting the certificates. After the certificate is accepted, the next step in the connection will be to enter the domain name. We can type the name of the HackTheBox (Explosion) here as a try to see if it works as it is the closest possible hint we have to what the domain name could be. For the password, we can just press the enter key to see if the system is misconfigured without a password.

We received an error connect message with the domain of Explosion and empty password. We can dig a little deeper in the xfreerdp tool and see that if we don’t provide the command with a specific username, it will automatically default to the username of our host machine, which we know will give us the wrong login credentials.

We can now try to enumerate through a series of common known login credentials for admin access. For instance, admin OR Administrator OR root OR user.

Let’s try Administrator and no password.

The default credentials worked and we were able to login to this misconfigured target machine. The flag file is on the desktop as well.

Mission accomplished.

CarlosRecruits.com is an independent recruitment website launched in 2023 on a mission to match impactful people with meaningful organizations

Hi! My name is Carlos and I’ve been working in tech for the past 9 years.

I built this website to share my passion for recruitment and tech.

Clicking the heart tells me what you enjoy reading. Social sharing is appreciated (and always noticed).

That’s it. That is my pitch for you to stick around (or browse the site as you please).

If you want to get in contact with me, reach out to me via my socials 🙂

“Think of me as the ‘Consumer Reports’ for Impactful Talent.”

Exclusive insights on roles directly in your inbox.