HackTheBox: Love Walkthrough
First glance
Now let’s get acquainted with our site.
Step 1.
Let’s scan for open ports with Nmap.
Command: nmap -A 10.10.10.239
Step 2.
The scan turned up something interesting: a subdomain, staging.love.htb.
We need to add it to our local hosts file so that the name resolves and we can access the subdomain.
Command: nano /etc/hosts
And now we have access
Now let’s look at the ‘demo’ stock.
Now let’s look at port 5000
Bingo. We found our password. Now let’s find the admin panel.
Step 3.
Command: dirb http://10.10.10.239/
Step 4.
Let’s go to the admin panel.
We are inside now.
Step 5.
Let’s just throw in a simple ‘web shell’.
Now let’s put it on the site.
Step 6.
Now let’s connect to the web shell and see who we are.
Command: whoami
Let’s read the user.txt file on the desktop, which is where we expect it on Windows.
Command: type C:\Users\Phoebe\Desktop\user.txt
Find the user flag and submit it to HTB.