Blog
January 30, 2022
HackTheBox - Networked
IP 10.10.10.146
Nmap
Run Gobuser we find links to /uploads and /backup. Inside the backup folder there is a compressed file that contains files on the...
January 30, 2022
HackTheBox - Postman
Port 1000 shows a webmin login-page. Need to edit hosts to include postman.
By doing some googling around Redis we find an exploit at https://github.com/Ridter/redis-rce. This is a...
January 30, 2022
HackTheBox - Blocky
IP 10.10.10.37
NMAP
We run gobuster and find a folder called /plugin and inside two .jar-files. When extracted with 7z e .jar-file we find the password...
January 30, 2022
HackTheBox - Lame
IP: 10.10.10.3 NMAP But it gives us nothing. We continue to enumerate and try the SMB-server. Get a hold of the SMB-server and the permissions. We discover that the tmp-folder is open for...
Read