Aug 10, 2024, 10:03 PM
(Aug 10, 2024, 09:59 PM)leury Wrote: How did you manage to find http://sea.htb/index.php?page=loginURL
find in exploit
https://github.com/prodigiousMind/CVE-20...exploit.py
|
[HTB] Sea - Machine
by RedTeamer - Friday August 9, 2024 at 08:04 PM
|
|
find in exploit https://github.com/prodigiousMind/CVE-20...exploit.py
Aug 10, 2024, 10:04 PM
(Aug 10, 2024, 09:59 PM)leury Wrote: How did you manage to find http://sea.htb/index.php?page=loginURL no need for this ?page just put loginURL and it will take you to the login.
Aug 10, 2024, 10:06 PM
anything for the root?
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.
Aug 10, 2024, 10:08 PM
(This post was last modified: Aug 10, 2024, 10:08 PM by DeDeLaPouille.)
Aug 10, 2024, 10:10 PM
(Aug 10, 2024, 09:32 PM)l3rka Wrote: login page how did you find this login page? This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for reputation
Aug 10, 2024, 10:10 PM
os injection on internal 8080 port
 ))This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect. (Aug 10, 2024, 09:59 PM)leury Wrote: How did you manage to find http://sea.htb/index.php?page=loginURLEnumerate the whole site. You can find in the theme this - http:// sea.htb/themes/bike/README.md - you confirm it's wonderCMS, find the required CVE, and yes, it's CVE-2023-41425. It won't work by itself, check the script how it creates the xss.js, how it installs the module (from where?) and the how revshell is being fired up. You need to adapt little things and don't just edit the xss.js then re-run the python expl since it's going to recreate it, lol. Simple things like this result in struggles. Once you get shell, check for creds, there's the database.js file, it's for the said user (see above in this thread), and you'll end up with user. Root - check for what's running on the box, portfwd to it, check it out, how it works (see how it requests those log files the log analyzer), find the vulnerability, use and abuse - you can leak the flag or pop a revshell, do whatever. Hint - command injection, perhaps?
Aug 10, 2024, 10:16 PM
Aug 10, 2024, 10:21 PM
i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.
Aug 10, 2024, 10:22 PM
lol only me after foothold did /usr/bin/bash -p and got root lol
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] HackTheBox Dante - complete writeup written by Tamarisk | 602 | 91,608 |
57 minutes ago Last Post: sabero_exe |
||
| [FREE] CPTS 12 FLAGS | 68 | 1,951 |
9 hours ago Last Post: VictorPipeau |
||
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 371 | 92,809 |
10 hours ago Last Post: phannguyenbaouy1 |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 21 | 2,617 |
Today, 05:08 AM Last Post: popoler |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 23 | 2,269 |
Yesterday, 02:10 PM Last Post: kkkato |
||