Bandit CTF – Level 8

level 7–>8
bandit7@bandit:~$ ls -la
bandit7@bandit:~$ cat data.txt | grep -s millionth
password = cvX2XXXXXXXXXXXXXXXXXXXXXXXXXXXX

HTB Delivery

Add the box to the hosts file.
$ sudo nano /etc/hosts
$ nmap delivery.htb -A -p- -T4
Open ports:
Site inspection:
http://delivery.htb
http://delivery.htb/#contact-us
http://delivery.htb:8065
As we can create a user on the Mattermost server, we can start here:
http://delivery.htb:8065/should_verify_email?
We should verify the email, but no email is going to be received. So we need to find a new way. If we focus on the Helpdesk site, we can create a

HTB Academy

$ sudo nano /etc/hosts
$ nmap academy.htb -A -p- -T4
Open ports:
22(tcp) – ssh
80(tcp) – http
33060(tcp) – mysql
Access http://academy.htb
$ python ~/tools/dirsearch/ -u http://academy.htb
http://academy.htb/admin.php
http://academy.htb/register.php
After this step, we would be able to log in to this site. Inspecting the request with Burp Suite when we register our user, we can observe: What would happen if we change this value when creating a new user? Modify

Bandit CTF – Level 7

level 6–>7
bandit6@bandit:~$ ls -la
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
password = HKBPXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 6

Level 5 –> 6
bandit5@bandit:~$ ls -la
bandit5@bandit:~$ cd inhere/
bandit5@bandit:~/inhere$ ls -la
bandit5@bandit:~/inhere$ find . -type f -readable ! -executable -size 1033c
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
password = DXjZXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 5

level 4 –> 5
bandit4@bandit:~$ ls -la
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls -la
bandit4@bandit:~/inhere$ cat ./-file07
password = koReXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 4

level 3 –> 4
bandit3@bandit:~$ ls -la
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -la
bandit3@bandit:~/inhere$ cat .hidden
password = pIwrXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 3

Level 2 –> 3
bandit2@bandit:~$ ls -la
bandit2@bandit:~$ cat ./spaces\ in\ this\ filename
password = UmHaXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF

Today I start publishing some of the first solutions to the Bandit CTF. In this first post, I’ll publish the first two levels.
level 0 –> 1
$ ssh -2220
pass = bandit0
bandit0@bandit:~$ ls
bandit0@bandit:~$ cat readme
password = boJ9XXXXXXXXXXXXXXXXXXXXXXXXXXXX
level 1 –> 2
bandit1@bandit:~$ ls -la
bandit1@bandit:~$ cat ./-
password level = CV1DXXXXXXXXXXXXXXXXXXXXXXXXXXXX

HTB Heist

$ nmap -sC -sV -oA all -vv -p-
$ gobuster dir -u -w ~/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt -e
$ gobuster dir -u -w ~/tools/SecLists/Discovery/Web-Content/raft-large-files.txt -e -k php
Accessing to
There is a «Login as Guest» option.
There is an «Attachment» link.
The message talks about a Cisco router. Hazard said to create a user account for him, so there should be a «hazard» username.
Testing admin credentials we’ve just found. We need an