Hi hackersLet’s start Let’s begin in nmap, as we always do. Rcon nmap shows two open ports, http (TCP 80) and ssh (TCP 22): I can’t find anything on the page, so I decide to read the page source code and find the new page in source code image.late.htb add etc/hosts 10.10.11.156 images.late.htb as discovered by SSTI injection vulnerability Referncehttps://ajinabraham.com/blog/server-side-template-injection-in-tornadohttps://github.com/carlospolop/hacktricks/blob/master/pentesting-web/ssti-server-side-template-injection/README.mdhttps://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee ...

Hello hackers Windows is used by this computer. Because I have little familiarity with Windows boxes and spend the majority of my practise time on the Linux command line, I found this machine to be challenging (but worthwhile). But this box is ideal if you want to learn something interesting about Windows. Let’s get started #Recon: We first start with ...

HTB-TimeLapse machine is really a great learning box for those who are new to Windows and Active Directory Pentesting I found the initial access (user flag) easier and root flag was a bit tricky for me due to my lack of windows privilege escalation skills overall its a fun machine Enumeration As always starting with an Nmap scan Nmap discovery ...

Lets get statrted by viewing the nmap results We can see that port 80 is running with a web server. Gobuster was failing continuously and I decided to take a peek in the official discussion forum. So I confirmed that was not an issue. So I continued inspecting the page and in the bottom side of the page it is ...

Initial Nmap scan When I tried access port 80, it got redirected to fuse.fabricorp.local. After adding it to my /etc/hosts file I got the below page I downloaded each CSV file and found something interesting I found below usernames pmerton tlavel sthompson bhult I tried smbclient anonymous login allowed, but nothing there was found. I created a list of passwords ...

Cascade is a Windows machine that just got retired. This had got an active directory which we will try to penetrate in and get the admin privilege. Let’s begin with the nmap scan sudo nmap -sS -sV 10.10.10.182 After doing the map enumeration, I decided to try LDAP enumeration using ldapsearch ldapsearch -x -b “dc=CASCADE, dc=local” -h 10.10.10.182 From this ...

Exit mobile version