Can you exfiltrate the root flag? Link to room is here . Our challenge here is to find 2 flags. Let’s start with enumerating the ip Use: nmap -sC -sV -A <machine_ip> We can see that port 22 and port 80 are open. Let’s go and check out what is there in the website since port 80 is open. It’s ...
What is google Dorking ? Google dorking is a method or technique used to find precise search results,but with a little creativity we can find all kinds of data exposed in the internet accidentally. This technique can also be used to get precise information on any topic while googling things. The first thing that a cyber security enthusiat thinks when ...
Tabby is an easy Linux based machine from Hackthebox. The initial foothold to this box is obtained by Tomcat Manager app exploit and an LFI. Gaining user access requires a decent amount of enumeration. Root access obtained by exploiting the LXC. In this blog I have tried to separate each process Enumeration 2. Initial foothold 3. Lateral movement 4. Privilage ...
Lets get statrted by viewing the nmap results We can see that port 80 is running with a web server. Gobuster was failing continuously and I decided to take a peek in the official discussion forum. So I confirmed that was not an issue. So I continued inspecting the page and in the bottom side of the page it is ...