HackTheBox : Love Walkthrough

First glance

Now let’s get acquainted with our site.

Step 1.

Let’s scan for open ports with Nmap

Command: nmap -A 10.10.10.239

Step 2.

We got something interesting called subdomain which is staging.love.htb

we need to add this to your local DNS which you can change to access the subdomain.

Command: nano /etc/hosts

And now we have access

Now let’s look at the ‘demo’ stock.

Now let’s look at port 5000

Bingo.We found our password. Now let’s find the admin panel.

Step 3.

Command: dirb http://10.10.10.239/

Step 4.

Let’s go to admin panel

We are inside now.

Step 5.

Let’s just throw in a simple ‘web shell’

This is the code I use.

Now let’s put it on the site.

Step 6.

Now let’s connect to the web shell and see who we are.

Command: whoami

Let’s read the user.txt file on the desktop as we know it in windows.

Command: type C:\Users\Phoebe\Desktop\user.txt

Findout the user flag and submit to htb.

--

--

--

Hello, my name is Elman. I am from Azerbaijan. I wish you a good days

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

https://t.co/p8WyMw98gW

Make Serverless Text Extraction(using Amazon Textract)with AWS Lambda

Building the CI/CD of the Future, Creating the EKS Cluster

Difference between variables.tf and terraform.tfvars ?

Can cloud native go 20,000 transactions per second?

Evolution Land 10th, August Update

How To Remove Response Headers In IIS

Linting your database schema

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Al1z4deh:~# echo "Welcome"

Al1z4deh:~# echo "Welcome"

Hello, my name is Elman. I am from Azerbaijan. I wish you a good days

More from Medium

Devzat — Hackthebox walkthrough

TryHackMe: HA Joker CTF

HackTheBox — Explore

HackTheBox — Previse Writeup