HackTheBox : Love Walkthrough

First glance

Now let’s get acquainted with our site.

Step 1.

Let’s scan for open ports with Nmap

Command: nmap -A 10.10.10.239

Step 2.

The scan shows something interesting: a subdomain, staging.love.htb.

We need to add it to the local hosts file so that the name resolves and we can reach the subdomain.

Command: nano /etc/hosts
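The line to add maps the scanned address to the subdomain. The following is an added example, not part of the original walkthrough: a shell helper (the name `add_host_entry` is hypothetical) that writes that mapping into a hosts-format file without duplicating it, assuming the subdomain is served from the scanned address 10.10.10.239. The demo runs on a constructed temporary file rather than the real /etc/hosts.

```shell
#!/bin/sh
# add_host_entry FILE IP NAME  (hypothetical helper, not from the original post)
# Maps NAME to IP in a hosts-format FILE without creating duplicates:
#   NAME already on IP's line     -> no change, returns 0
#   NAME mapped to another IP     -> file untouched, returns 2
#   IP present without NAME       -> NAME appended to that line (before any comment)
#   neither present               -> new "IP<TAB>NAME" line added
add_host_entry() {
    file=$1; ip=$2; name=$3
    # Look up the address NAME currently resolves to, ignoring comments.
    current=$(awk -v n="$name" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$file")
    if [ "$current" = "$ip" ]; then return 0; fi
    if [ -n "$current" ]; then
        echo "$name already maps to $current in $file" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    awk -v ip="$ip" -v n="$name" '
        !done && $1 == ip {
            c = index($0, "#")
            if (c) print substr($0, 1, c - 1) " " n " " substr($0, c)
            else   print $0 " " n
            done = 1; next
        }
        { print }
        END { if (!done) print ip "\t" n }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed file; the real target is /etc/hosts, which needs root.
demo=$(mktemp)
printf '127.0.0.1\tlocalhost\n' > "$demo"
add_host_entry "$demo" 10.10.10.239 staging.love.htb
add_host_entry "$demo" 10.10.10.239 staging.love.htb   # second call changes nothing
cat "$demo"
rm -f "$demo"
```

Refusing to overwrite a name that already points elsewhere makes a stale entry from an earlier lab visible instead of silently replacing it.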

And now we have access

Now let’s look at the ‘demo’ stock.

Now let’s look at port 5000

Bingo. We found our password. Now let’s find the admin panel.

Step 3.

Command: dirb http://10.10.10.239/

Step 4.

Let’s go to the admin panel.

We are inside now.

Step 5.

Let’s just throw in a simple ‘web shell’

This is the code I use.

Now let’s put it on the site.

Step 6.

Now let’s connect to the web shell and see who we are.

Command: whoami

Let’s read the user.txt file, which on Windows is on the user’s desktop.

Command: type C:\Users\Phoebe\Desktop\user.txt

Find the user flag and submit it to HTB.


Hello, my name is Elman. I am from Azerbaijan. I wish you good days.
