htb - Eonbelievable

OSCP series – Soccer writeup

August 14, 2024August 14, 2024 Sagahiko

nmap Add the domain name to the hosts file. Also, port 9091 is open. It is worth checking it. Enumeration When I accessed the web page, the home page looked like the image below. There’s nothing to see on the main page. I ran dirbuster to find directories. There’s one hit. User flag And I … Read More “OSCP series – Soccer writeup” »

OSCP series – Sau writeup

August 9, 2024August 9, 2024 Sagahiko

HackTheBox, Machines, OSCP preparation

nmap The nmap scanning shows ports 22 and 55555 are open. I checked the web page. I found the version of request-baskets is 1.2.1 from the web page. I googled if it has any vulnerabilities, then I found SSRF vulnerability: CVE-2023-27163 Exploitation I downloaded a PoC of the vulnerability from this github page. I proxied … Read More “OSCP series – Sau writeup” »

OSCP series – Help write-up

August 4, 2024August 4, 2024 Sagahiko

HackTheBox, Machines, OSCP preparation

Nmap 22, 80, and 3000 ports are open. Web pages Port 3000 is uncommon. Checked the page. The web page displays a message like json. This kind of thing is called graphql. I referred to the documentation to learn how to use it. I managed to find out the user credentials using the query below. … Read More “OSCP series – Help write-up” »

Sherlock Ultimatum write-up

August 3, 2024August 3, 2024 Sagahiko

HackTheBox, Sherlocks

Which security scanning tool was utilized by the attacker to fingerprint the blog website? Check the access log file in /Logs/var/log/apache2 Which CVE was exploited by the attacker? CVE-2023-3460 What was the IP Address utilized by the attacker to exploit the CVE? 23.106.60.163 What is the name of the backdoor user added to the blog … Read More “Sherlock Ultimatum write-up” »

Heartbreaker-Continuum write-up

August 1, 2024August 1, 2024 Sagahiko

HackTheBox, Sherlocks

To accurately reference and identify the suspicious binary, please provide its SHA256 hash. When was the binary file originally created, according to its metadata (UTC)? Examining the code size in a binary file can give indications about its functionality. Could you specify the byte size of the code in this binary? It appears that the … Read More “Heartbreaker-Continuum write-up” »

OSCP series – Busqueda write-up

July 30, 2024July 30, 2024 Sagahiko

HackTheBox, Machines, OSCP preparation

Enumeration Start with nmap scan. Check ssh and a web server are running. It failed to redirect to http://searcher.htb, so add it to /etc/hosts file. If nmap again after adding it to the /etc/hosts file, I got a different result. Here, I can see it is using Werkzeug 2.1.2 version. My first thought was to … Read More “OSCP series – Busqueda write-up” »