Category: HackTheBox
-
Photobomb | Hack The Box
Our initial results, we get domain (photobomb.htb) and an open SSH port. The web server gives us this – it displays whatever URI you enter, it may be vulnerable – we’ll test while we enumerate directories and vhosts. While browsing with burp we see a few .js files we can enumerate and inside find some […]
-
Metatwo | Hack The Box
Port 21 is interesting, nmap thinks it’s an FTP service but we can’t get anything back from it, so will try to look at the web app. It’s quickly evident that it’s a Word Press website and WPScan reveals that it’s quite out of date. A link on the home page takes us to /events/ […]
-
Ambassador | Hack The Box
Straight off the bat we get a username from the web server. We see from the website source it’s running Hugo 0.94.2, “a static HTML and CSS website generator written in Go”. There’s no immediately obvious CVE so will carry on. There’s not a lot else obvious here, so next we look at port 3000 […]
-
Late | Hack The Box
Out of the blocks we don’t really have a lot to go off, so straight to the web app to see if we can break something. We’re given a subdomain (images.late.htb) from the landing page so we’ll have a look. If we try to bypass the filter by renaming a php.jpg we get the following […]
-
Open Source | Hack The Box
We’ll be starting with the web server then… Immediately we’re given an option to “Download the Source Code” which appears to be a docker image, and to test the upload functionality. There’s a .git so git branch shows us dev and public. Looking thorugh git log dev we can see the commits and when comparing […]
-
Support | Hack The Box
Initial nmap results and looks like we’ve got a domain controller. We get nothing we don’t already know from the DNS server and it’s not vulnerable to anything I know of so on to enumerate SMB. At this stage the only folder we can get into as anonymous user is support-tools which contains a handy […]
-
RedPanda | Hack The Box
First nmap results, not a lot to go at other than to investigate the web app. If we hit search without anything in we get a bit of info about potential usernames. We can also quickly discover the search bar is vulnerable to SSTI: After following the HackTricks cheat sheet and googling the resulting error […]
-
Shoppy | Hack The Box
A few ports open, we’ll start with the web server. Nothing immediately interesting but a quick directory enumeration takes us to a login page. While fuzzing for subdomains I find mattermost.shoppy.htb but I am convinced it’s a rabbit hole so will leave it for now and return to the main index After spending quite some […]