Horizontall

Last updated 1 year ago

  1. Enumerating the machine.

  2. Source code of the home page.

To make the JS code easier to read, we can use js-beautify.

We have to add the new DNS name to our hosts file.

  3. Dirsearch.

  4. Source code of one of the results from dirsearch.

We can find the version of Strapi CMS.

Searching for an exploit for it.

Running the exploit.

  5. First flag.

  6. Privilege escalation.

netstat -a

The netstat command displays the contents of various network-related data structures for active connections.

Version of the system architecture.
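What the netstat step is looking for is services that listen only on the loopback interface: a remote scan never sees them, but any local user can reach them. The script below is an added example, not part of the original writeup; it assumes numeric output in the `netstat -tln` format, and the sample listing and its ports are constructed, not taken from this box.

```python
import ipaddress

# Constructed sample of `netstat -tln` output (not taken from the box).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:6379                :::*                    LISTEN
"""


def parse_listeners(netstat_output):
    """Yield (proto, address, port) for each TCP socket in LISTEN state."""
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # banner, column header, or non-TCP row
        if fields[5] != "LISTEN":
            continue  # established or closing connection, not a listener
        # Split on the last colon so IPv6 forms like ":::80" and "::1:6379" work.
        host, _, port = fields[3].rpartition(":")
        try:
            yield fields[0], ipaddress.ip_address(host), int(port)
        except ValueError:
            continue  # resolved names (e.g. "localhost:http") are skipped


def classify(netstat_output):
    """Group listening ports by exposure: 'loopback' or 'network'."""
    report = {"loopback": [], "network": []}
    for _proto, addr, port in parse_listeners(netstat_output):
        scope = "loopback" if addr.is_loopback else "network"
        report[scope].append(port)
    return {scope: sorted(set(ports)) for scope, ports in report.items()}


if __name__ == "__main__":
    for scope, ports in classify(SAMPLE).items():
        print(f"{scope:9} {ports}")
```

Ports in the loopback group are still reachable by every local account, so they need the same patching and authentication as the network-facing ones.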


  7. Now we have to set up pivoting / port forwarding to our machine.

Downloading Chisel.

Starting chisel on our machine.

Downloading chisel from our HTTP server and connecting to our Kali machine from the victim machine.

  8. New site discovered - Laravel.

We can find the version of Laravel.

And an exploit...

  9. Running the exploit and getting the root flag.

  10. To get a root account...

Linpeas results:

Running the exploit and getting root.

Getting root.

Instructions:

https://juggernaut-sec.com/port-forwarding-lpe/