BreadCrumbs — HackTheBox Writeup

Source

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Synopsis

Skills Required

Skills Learned

Enumeration

Nmap
Homepage
Library
books
popup
checkout
burp
warning
/books
book3.html
action
burp request
read index.php
../index.php
../includes
../db.php
gobuster
Dashboard
issues
Users
pizza
gobuster on /portal
../login.php
../authController.php
JWT
JWT
JWT Signature
admin accounts
../cookie.php
php
/includes Directory
../fileController.php
JWT
cookie editor
admin dashboard

Initial Access

Upload

Note: Remember, this is a Windows OS; Linux PHP web shells won't work. Use This Web Shell

access php
Reverse shell
users
Credentials
user flag
todo.html

Privilege Escalation — root

Sqlite DB
smbserver
Access SMB
Copy DB Files
DB on Kali Linux
Credentials
Development
copy binary
Strings
port 1234
port forward
curl
SqlMap
CyberChef
root flag

Quirks

index.php

Thank you for reading this blog. While attempting this challenge I learned so many things. This was a unique target with a unique vulnerability.
