Assignment02
Jude Al Haroun
• HTB profile link: https://app.hackthebox.com/profile/2008389
• Screenshot of completion:
a. All Machines
b. Sequel
c. Crocodile
d. Appointment
• First, connect to VPN.
• Appointment:
- SQL Injection, an attacker can
inject malicious SQL code to
manipulate the database.
- Doing Nmap scan to find the
version.
- Searched the internet for a
vulnerability for this version.
- Installing gobuster
and using –help to
figure out how it works.
-
Installing Seclists, for common passwords,
directories, etc.
-
Had a problem with the URL. Instead
of using http I used https and got
blocked.
- Finally got the directories.
- Signed in using admin and
commenting the rest.
- Got the flag.
• Sequel:
- another SQL injection
vulnerability, where we use
-u root to enter to the
database without a
password.
- Did an Nmap scan to find
the service but had an issue
with finding the version. I
used multiple parameters
such as -sV, --versionintensity, -version-trace, O, until finally found the
version using -sC.
- Installed mysql.
- Had a problem that MySQL uses ssl/tls
connection.
- Searched the internet and found a way using –
skip_ssl.
- Connected to the
database using -u
root.
- Saw –help to figure
out how to use
SQL.
- Navigated through help
to and saw some
commands.
- Used SHOW DATABASES.
- Used SHOW TABLES to see
the tables, accessed both users
and config tables, until I found
the flag.
• Crocodile:
- Connected to FTP server, got the file that had
the credentials, and logged in using them.
- Did Nmap scan, found the version and the
files.
- Connected to the server.
- Downloaded
allowed.userslist and
allowed.userslist.passwd
using get.
- opened the website.
- Found the
login.php directory using
gobuster.
- Logged in to the
website using the
credentials from
the files.
0
