HTB

Hack The Box Writeups

  • Initial Recon In the initial port scan, we find that there are two ports open : So we let the all ports scan run in the background, while we take a look at the web page. Since it points to the domain bucket.htb, we will add it to our /etc/hosts file. We do get an email id support@bucket.htb apart from…

  • Initial Recon From the initial port scan, it seems that there are 3 ports open : So I added laboratory.htb to the /etc/hosts file. After visiting the home page, I found out that it has an html index page but uses its own certificate which I downloaded. From the certificate I found another Domain name : git.laboratory.htb. We’ll add this one…

  • Initial Recon While the scan was going on I tried checking if there is a webserver or not. It turns out that it is trying to access So change the /etc/hosts file : Add the above line to /etc/hosts Then reloading the webpage looks like this : On checking the nmap scan, we get the…

  • Initial recon This shows that : So, we will let a full port scan run in the background while we take a look at the web page. This does not give us anything interesting Checking the web page This web page is a collection of new articles. This runs php and takes a parameter. So…

  • Initial Recon Run nmap for the initial recon : The following things can be concluded from here : Let the complete port scan run in the background : Nothing new in the all_ports scan. The port 80 When I tried to access the webserver, it turns out to redirect to http://sneakycorp.htb/ So add it to /etc/hosts…

  • Initial Recon Do the all ports scan just to make sure : Same outcome. So we have to go for the web page. Testing the Login page This part shows the use of an authenticate function. There is a user called jennifer If we do a strings on the swap file, we can have a proper…

  • Initial Recon It seems that only two ports are open: The ftp (closed) and the webserver Let the complete port scan run and check the webpage Onto User The page looks like a typical HTML page with some links. One of the links leads to a Twitter account and all. At this point of time,…

  • Initial Recon I started the initial recon using nmap So we see that an http server is open and an Apache tomcat server is also open, along with an ssh I’ll let the all ports scan run in the background while I check the web page and the tomcat. After looking at the home page I…

  • Initial Recon I started the initial recon using nmap : sudo nmap -sS -sV -sC 10.10.10.180 > rec_ini The following is the result I get: So, it has a web page which looks like an online shopping site. Also in the people section we find the names of some people which may later help us…

  • Initial recon It seems that only two ports are open. Let the full port scan run and check the webpage The home page is as below There is also a login page. Checking the login page There are some peculiar things about the login : Upon checking the login form in Google Dev tools, it…