NMAP Scanning Added address in /etc/hosts and open the web page Upon clicking the link it asks for credentials. As we do not have any credentials I got the page below. I tried to view the source code and found the photobomb.js file. After opening that file I got the credentials. Username: pH0t0 Password: b0Mb!Continue reading “HackTheBox – Photobomb”
Tag Archives: Hackthebox
Love HackTheBox Walkthrough
Steps followed: Recon – NMAP Directory Busting – GOBUSTER Sensitive data exposure File Upload Vulnerability Shell Upload Reverse TCP exploit Always_Install_Elevated exploit For simplicity I stored IP address of web application in a variable Using NMAP for the machine port scan VIA NMAP I found OS: Windows, some open ports and URL i.e. staging.love.htb NextContinue reading “Love HackTheBox Walkthrough”
