Tag: Gobuster
-
Curling – HackTheBox
Curling is an easy machine that required directory busting a web page to find a secret key to access a Joomla CMS admin panel. This allowed for code execution which led to our initial shell. From there we moved laterally by finding a hex dump, decoding it, and discovering a password. To achieve root access,…
-
Mango – HackTheBox
Scanning Started with my typical nmap scan. Enumeration – Port 443 Port 80 returned a 403 forbidden as seen in the scan, but 443 seemed worthwhile to check out. This search function just returned to itself. Gobuster revealed a subdirectory /analytics & this also worked from the primary page. This was a collected table of…
A Cyber Journey 