Note: This machine is still active on Hack The Box. To respect the platform’s rules and avoid spoiling the experience for other users, this write-up will be published in its entirety once the machine has been retired.

Introduction: Analyzing the ‘Previous’ HTB Machine
“Previous” is a Linux machine from Hack The Box that perfectly illustrates how modern vulnerabilities can be chained together for a full compromise. We will cover key techniques such as exploiting a Local File Inclusion (LFI) vulnerability in a NextJS framework, and a creative method for privilege escalation via a Terraform misconfiguration.
Phase 1: Reconnaissance and Enumeration
Every successful attack begins with thorough reconnaissance. Our first step is an nmap scan to identify open ports and running services on the target machine.
nmap -sC -sV 10.10.11.83

The scan reveals an Nginx web server on port 80. To access the website, it’s essential to add previous.htb to our /etc/hosts file. Analyzing the site shows a simple login page and, more importantly, that it’s built with NextJS. A potential username, jeremy, is also found in a contact email.
A directory brute-force with gobuster is launched to find any non-obvious entry points.
gobuster dir -u http://previous.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50
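From the defender's side, a wordlist-driven directory search like the one above leaves a very recognizable trace in the Nginx access log: one source address producing a burst of 404 responses for paths that do not exist. The script below is an added example (not code from the original write-up) that parses Nginx "combined" log lines and raises an alert when a single IP accumulates a threshold of 404s inside a sliding time window. The log lines, the IP addresses, the timestamps and the user-agent string are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Nginx "combined" log format, as the stock nginx.conf writes it.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect_enumeration(lines, window_s=60, threshold=10):
    """Return one alert per source IP that produced >= threshold 404s within window_s seconds.

    Lines are assumed to be in chronological order, as a live log file is.
    """
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404 responses
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop 404s that fell out of the sliding window.
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and rec["ip"] not in alerted:
            alerted.add(rec["ip"])
            alerts.append({
                "ip": rec["ip"],
                "count": len(q),
                "first": q[0],
                "last": q[-1],
                "ua": rec["ua"],
            })
    return alerts


# Constructed sample: a normal visitor plus one source walking a small wordlist.
# Paths, addresses and the user-agent are invented for the example.
WORDLIST_SAMPLE = ["admin", "backup", "config", "login", "old", "test",
                   "uploads", "api", "dev", "secret", "tmp", "images"]


def constructed_log():
    normal = [
        '203.0.113.7 - - [12/Jul/2025:09:59:58 +0000] "GET / HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [12/Jul/2025:09:59:59 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    ]
    scan = [
        '10.10.14.5 - - [12/Jul/2025:10:00:{:02d} +0000] "GET /{} HTTP/1.1" 404 153 "-" "gobuster/3.6"'
        .format(i, word)
        for i, word in enumerate(WORDLIST_SAMPLE)
    ]
    return normal + scan


if __name__ == "__main__":
    for alert in detect_enumeration(constructed_log()):
        print(f"{alert['ip']}: {alert['count']} x 404 between "
              f"{alert['first'].time()} and {alert['last'].time()} (UA: {alert['ua']})")
```

The single visitor with one stray 404 (a missing favicon) never trips the threshold, while the scanning source is flagged as soon as its tenth 404 lands inside the window. In practice the threshold and window are tuned against the site's normal 404 rate, and the same logic applies to any web server log once the regular expression is adapted to its format.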

Since this search yields nothing, and an attempt to create an account via the API fails, it’s time to focus on the biggest lead: a potential vulnerability in the NextJS framework.
Full write-up coming soon! The rest of this content will be available once the machine is retired from Hack The Box.