Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and an Apache server on port 80 on the target. The target runs the FreeBSD operating system. HTTP Browsing the website, we can see a site with the title: “Temporary website to test local .php scripts”. Entering a listed script’s name “listfiles.php” into… Continue reading Hack the Box: Poison
Month: February 2023
Hack the Box: Buff
Enumeration Nmap The Nmap scan shows that an Apache server with PHP version 7.4.6 is running on port 8080 on the target. HTTP On navigating to port 8080, we can see a fitness website. From the page http://10.10.10.198:8080/contact.php we can see that the web application is using Gym Management Software 1.0. Exploitation Using SearchSploit we can… Continue reading Hack the Box: Buff
Hack the Box: Nibbles
Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and an Apache HTTP server on port 80 on the target. HTTP Browsing the website, we can see the text “Hello world!”. Viewing the source of index.html reveals a comment referencing a /nibbleblog/ directory. The page http://10.10.10.75/nibbleblog/ does not provide anything interesting.… Continue reading Hack the Box: Nibbles
Hack the Box: Sense
Enumeration Nmap The Nmap scan shows that lighttpd server 1.4.35 is running on ports 80 (HTTP) and 443 (HTTPS). HTTP Browsing to the website reveals the pfSense login page. Logging in with the pfSense default credentials admin:pfsense failed. Dirbuster Running Dirbuster with the wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt, we can see a file system-users.txt, which reveals the credentials rohit:pfsense. Logged… Continue reading Hack the Box: Sense