Delivery — HackTheBox Writeup

Source

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Enumeration

hompage
virtual host
HTTP server port
HTTP server on 8065
Helpdesk
ticket
ticket number
Mattermost
check status
verification link
login
internal
creds
user flag
config
DB creds
Login DB
access DB
root hash
hashcat command
hash cracked
root flag

Thank you for reading this blog. While attempting this challenge I learned so many things. This was unique target with unique vulnerability.

Reference

https://www.armourinfosec.com/performing-rule-based-attack-using-hashcat/
https://linuxize.com/post/how-to-show-mysql-users/

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store