6 posts tagged with "Web Site Structure Discovery"

Web site structure discovery involves identifying and mapping the underlying architecture of a website, including its folders, files, and interlinking pages. This process helps understand how the site is organized, which components are crucial for its functionality, and where potential vulnerabilities or security weaknesses may exist. Web site structure discovery can be performed using tools like directory scanners, web crawlers, and HTTP analyzers.

HTB | Base | Write-Up

· 14 min read

Summary:

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find cleartext credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux

HTB | Oopsie | Write-Up

· 16 min read

Summary:

This article guides users through completing the Oopsie machine challenge on Hack The Box. The steps outline a hacking scenario, from initial connection testing and scanning to exploiting vulnerabilities in a web application, including IDOR, cookie manipulation, and SUID exploitation, ultimately leading to gaining admin access and finally grabbing the root flag.

Machine Name: Oopsie | Difficulty: Easy | OS: Linux

HTB | Ignition | Write-Up

· 9 min read

Summary:

This article guides users through completing the Ignition machine challenge on Hack The Box. It covers tasks such as service version identification, HTTP status code retrieval, web fingerprinting, and brute force directory discovery, ultimately leading to gaining access to the Magento admin page and submitting the root flag.

Machine Name: Ignition | Difficulty: Easy | OS: Linux

HTB | Three | Write-Up

· 14 min read

Summary:

This article guides users through completing the Three machine challenge on Hack The Box. This is a web hacking challenge that involves exploiting vulnerabilities in an S3 bucket and executing a reverse shell on the target machine. The goal is to retrieve the "flag" file from the target machine.

Machine Name: Three | Difficulty: Easy | OS: Linux

HTB | Crocodile | Write-Up

· 8 min read

Summary:

This walkthrough provides help solving the Crocodile machine on Hack The Box. The guide covers various topics, including Nmap scanning, service version identification, FTP login procedures, and directory brute force using Gobuster.

Machine Name: Crocodile | Difficulty: Easy | OS: Linux

HTB | Preignition | Write-Up

· 7 min read

Summary:

This walkthrough, part of a series of tutorials designed to help beginners complete Tier 0 challenges, provides step-by-step guidance on completing the Preignition machine challenge on Hack The Box. The guide covers directory brute-forcing techniques, use of the Nmap and Gobuster tools, and submitting the root flag.

Machine Name: Preignition | Difficulty: Easy | OS: Linux