Tag: python

• Bashed – HackTheBox

  Scanning I started as always with an nmap scan. Enumeration Just port 80 open so let’s check that out. The dev folder looks promising. Wow, a phpbash webshell. That’s handy. Foothold – Shell as www-data Awesome, I should be able to get a reverse shell from this. It took a bit of tinkering with payloads…

  Captain Nemo

  March 18, 2022

  HackTheBox

  HackTheBox, pspy, python, sudo

• Mango – HackTheBox

  Scanning Started with my typical nmap scan. Enumeration – Port 443 Port 80 returned a 403 forbidden as seen in the scan, but 443 seemed worthwhile to check out. This search function just returned to itself. Gobuster revealed a subdirectory /analytics & this also worked from the primary page. This was a collected table of…

  Captain Nemo

  March 7, 2022

  HackTheBox

  Gobuster, HackTheBox, JJS, Linux, NoSQL Injection, python, SUID Binary

• Bounty Hunter – HackTheBox

  Started out with my standard nmap scan: So SSH and port 80 is open, so I’ll just go check out that web server. Within it there’s a directory that looks like it leads to a db search: I captured some test data from this in Burp: So I notice a couple things. One is that…

  Captain Nemo

  October 22, 2021

  HackTheBox, Write-Ups

  HackTheBox, python, sudo, XXE