Possibly Related Threads…

Pepperwhite · Oct 05, 2024, 08:14 PM

Okay so we know a Caddy web server is being ran, we can get the caddyfile from /etc/caddy/Caddyfile. We just need to find a config file that would leak more info to get credentials or something.

hackemall · Oct 05, 2024, 08:33 PM

:80 {
@ip {
header_regexp Host ^(\d{1,3}\.){3}\d{1,3}$
}
redir @ip http://yummy.htb{uri}
reverse_proxy 127.0.0.1:3000 {
header_down -Server
}
}

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

peRd1 · (This post was last modified: Oct 05, 2024, 08:35 PM by peRd1.)

(Oct 05, 2024, 08:33 PM)hackemall Wrote: :80 {
@ip {
header_regexp Host ^(\d{1,3}\.){3}\d{1,3}$
}
redir @ip http://yummy.htb{uri}
reverse_proxy 127.0.0.1:3000 {
header_down -Server
}
}

Yes, this is the /etc/caddy/Caddyfile.

You can also get PIDs by fuzzing /proc/, etc.

Pepperwhite · Oct 05, 2024, 08:36 PM

Honestly it might come down to enumerating PIDs /proc/<pid>/cmdline one by one but since you have to manually intercept the request to test a file, it's such a hassle.

hackemall · Oct 05, 2024, 08:38 PM

i think something wrong with this machine it keeps droping on me

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

celsius · Oct 05, 2024, 08:40 PM

can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

rootme1122 · Oct 05, 2024, 08:42 PM

(Oct 05, 2024, 08:40 PM)celsius Wrote: can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

yes there is some issses i think same m facing

mamadoubarla · Oct 05, 2024, 08:51 PM

(Oct 05, 2024, 08:40 PM)celsius Wrote: can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

machine is very very laggy, this is not even fun.

hackemall · Oct 05, 2024, 08:53 PM

no one got first blood something is wrong for sure

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

sedlyf · (This post was last modified: Oct 05, 2024, 09:02 PM by sedlyf.)

Hint : Explore /etc/crontab

/export/../../../../../../var/www/backupapp.zip

Quote:/export/../../../../../..///data/scripts/table_cleanup.sh

db_config = {

    'host': '127.0.0.1',

    'user': 'chef',

    'password': '3wDo7gSRZIwIHRxZ!',

    'database': 'yummy_db',

    'cursorclass': pymysql.cursors.DictCursor,

    'client_flag': CLIENT.MULTI_STATEMENTS

}

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	367	90,984	10 hours ago Last Post: Anon141234
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	85	7,699	Today, 05:35 AM Last Post: Fr1Rtx23
	[FREE] HackTheBox All Cheatsheets	Tamarisk	1	285	Today, 05:34 AM Last Post: Fr1Rtx23
	rev_dudidudida	cavour13	1	238	Today, 12:25 AM Last Post: 0xcreep
	[FREE] HTB HackTheBox CPTS CBBH CDSA CWEE exam preparation guide and hints	Tamarisk	5	1,853	Yesterday, 08:42 PM Last Post: Tamarisk