SecWalk.com

Month: July 2020

HTB Walkthrough Book 10.10.10.176

Summary Foothold After the Nmap scan we see there are only 2 ports open. after poking around we discover the sign up page is vulnerable to an SQL truncation Attack User Once we are logged into the admin and normal site we discover an XSS vulnerability, cause this vulnerability we were able to get the id_rsa key and login to the box Root After some enumeration we discover there is a vulnerability in the log rotate application after exploiting this we were able to take over the machine completely. Enumeration Nmap nmap -sC -sV -p- 10.10.10.176 Web 10.10.10.176 http://10.10.10.176/admin Turns… Read More

HTB Walkthrough ForwardSlash 10.10.10.183

Summary Foothold after some web enumeration we find out there is a backup site which still contains a LFI, after looking around we see there is a dev folder which contains a index.php file, in that file we were able to find credentials. User after successful login we still need to become another user to get more privileges we find out this user must be called pain and he owns a binary called backup, when we run that program we see it would be able to read a file when we have the right time stamp, after abusing that we… Read More