Academy — HackTheBox WalkThrough

Source — HTB

Enumeration

We will kick off this machine with enumerating using nmap.

Nmap Result
edit hosts file
GoBuster
HTTP Access
Hidden Field
Intercept
Change roleid
response
Admin Panel
Add Virtual Host
Access Virtual Host
Env Variable
laravel exploit
Reverse Shell
Users
Access Denied
Manual Search
Search Result
DB Password
login
User Access
User Flag
Sudoers File
user creds
mrb3n user
sudo -l result
GTFOBINS
Composer
root flag

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store