HackTheBox: Love Walkthrough

First glance

Now let’s get acquainted with our site.

Step 1.

Let’s scan for open ports with Nmap.

Command: nmap -A 10.10.10.239

Step 2.

We got something interesting: a subdomain, staging.love.htb.

We need to add it to the local hosts file, which acts as our local DNS, so that we can access the subdomain.

Command: nano /etc/hosts

And now we have access.

Now let’s look at the ‘demo’ stock.

Now let’s look at port 5000.

Bingo. We found our password. Now let’s find the admin panel.

Step 3.

Command: dirb http://10.10.10.239/
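
Seen from the web server's side, the dirb run in Step 3 shows up as a burst of 404 responses to a single client. The following is an added example, not part of the original walkthrough, that flags such clients in an access log; the Common Log Format layout, the thresholds, the function names and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client, timestamp, request line, status (assumed layout)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_path_scanners(lines, window_s=10, min_missing=8):
    """Map client IP -> peak number of distinct 404 paths seen within any
    window_s-second span, for clients whose peak reaches min_missing.
    Lines are expected in chronological order, as a server writes them."""
    recent = defaultdict(deque)          # ip -> (time, path) of recent 404s
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue                     # skip unparsable lines and non-404s
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                  # drop 404s older than the window
        peak[m["ip"]] = max(peak[m["ip"]], len({p for _, p in q}))
    return {ip: n for ip, n in peak.items() if n >= min_missing}

def sample_log():
    """Constructed log lines: one wordlist scanner and one ordinary visitor."""
    t0 = datetime(2021, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, sec, path, status):
        ts = (t0 + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'
    words = ["admin", "backup", "cgi-bin", "config", "db", "dist",
             "images", "includes", "login", "old", "test", "tmp"]
    found = {"admin": 301, "images": 301, "includes": 301}  # paths that exist
    rows = [row("198.51.100.7", i // 4, "/" + w, found.get(w, 404))
            for i, w in enumerate(words)]
    rows += [row("192.0.2.10", 0, "/index.php", 200),       # normal browsing
             row("192.0.2.10", 30, "/favicon.ico", 404),
             row("192.0.2.10", 90, "/old-link", 404)]
    return rows

if __name__ == "__main__":
    print(find_path_scanners(sample_log()))
```

The window and threshold need tuning per site; the same signal can drive a rate limit or a temporary block instead of only an alert.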

Step 4.

Let’s go to the admin panel.

We are inside now.

Step 5.

Let’s just throw in a simple ‘web shell’.

This is the code I use.

Now let’s put it on the site.

Step 6.

Now let’s connect to the web shell and see who we are.

Command: whoami

Let’s read the user.txt file on the Desktop, as we know it from Windows.

Command: type C:\Users\Phoebe\Desktop\user.txt

Find the user flag and submit it to HTB.