JOIN BREACHFORUMS TELEGRAM
HTB CBBH - Server-Side Attacks (Updated Flags)
by ir0nman4l1f3 - Monday August 26, 2024 at 05:04 PM
Breached
Member
Posts: 39
Threads: 12
Joined: Aug 2024
Reputation: 0
#1
Aug 26, 2024, 05:04 PM

  1.  Exploit a SSRF vulnerability to identify an internal web application. Access the internal application to obtain the flag. -> HTB{911fc5badf7d65aed95380d536c270f8}
  2. Exploit the SSRF vulnerability to identify an additional endpoint. Access that endpoint to obtain the flag. -> HTB{61ea58507c2b9da30465b9582d6782a1}
  3. Exploit the SSRF to identify open ports on the system. Which port is open in addition to port 80? -> 5000
  4. Apply what you learned in this section and identify the Template Engine used by the web application. Provide the name of the template engine as the answer. -> Twig
  5. Exploit the SSTI vulnerability to obtain RCE and read the flag. -> HTB{295649e25b4d852185ba34907ec80643}
  6. Exploit the SSTI vulnerability to obtain RCE and read the flag. -> HTB{5034a6692604de344434ae83f1cdbec6}
  7. Exploit the SSI Injection vulnerability to obtain RCE and read the flag. -> HTB{81e5d8e80eec8e961a31229e4a5e737e}
  8. Exploit the XSLT Injection vulnerability to obtain RCE and read the flag. -> HTB{3a4fe85c1f1e2b61cabe9836a150f892}
  9. Obtain the flag -> HTB{3b8e2b940775e0267ce39d7c80488fc8}
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  HTB Eloquia User and Root Flags - Insane Box 69646B 15 720 44 minutes ago
Last Post: Surplus1926
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 391 97,390 1 hour ago
Last Post: pakizto
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 23 1,346 1 hour ago
Last Post: pakizto
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 100 9,478 3 hours ago
Last Post: GachiMan
  [FREE] HackTheBox Dante - complete writeup written by Tamarisk Tamarisk 607 95,104 4 hours ago
Last Post: suncho

Forum Jump:


 Users browsing this forum: 1 Guest(s)