Hi hackersLet’s start Let’s begin in nmap, as we always do. Rcon nmap shows two open ports, http (TCP 80) and ssh (TCP 22): I can’t find anything on the page, so I decide to read the page source code and find the new page in source code image.late.htb add etc/hosts 10.10.11.156 images.late.htb as discovered by SSTI injection vulnerability Referncehttps://ajinabraham.com/blog/server-side-template-injection-in-tornadohttps://github.com/carlospolop/hacktricks/blob/master/pentesting-web/ssti-server-side-template-injection/README.mdhttps://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee ...

Hello hackers Windows is used by this computer. Because I have little familiarity with Windows boxes and spend the majority of my practise time on the Linux command line, I found this machine to be challenging (but worthwhile). But this box is ideal if you want to learn something interesting about Windows. Let’s get started #Recon: We first start with ...

HTB-TimeLapse machine is really a great learning box for those who are new to Windows and Active Directory Pentesting I found the initial access (user flag) easier and root flag was a bit tricky for me due to my lack of windows privilege escalation skills overall its a fun machine Enumeration As always starting with an Nmap scan Nmap discovery ...

From the quick nmap scan I saw that two ports were open SSH and http By browsing into the port 80, I get to know that litecart is during by running gobuster I found /backup directory From there I got a tar file. I downloaded it my local machine From the file at shop/admin/login.php from the tar file I got ...