🛠Getting Started - Web Enumeration Walkthrough (Hack The Box):
> 💡 Question: Run some of the web enumeration techniques you learned in this section on the target server above. Use the information you find to get the flag!
- I begin with quick, obvious checks. First, I run `whatweb <target IP>` to fingerprint the web server, then visit `http://<target IP>`. The page seems uninteresting, so I view the source (`CTRL+U`)—still nothing useful. Next, I try `curl <target IP>/robots.txt` and find a disallowed path: `/admin-login-page.php`
- I navigate to `/admin-login-page.php` and check the source code again—this time I find credentials in an HTML comment:

  ```html
  <!-- TODO: remove test credentials admin:password123 -->
  ```
- Using those creds, I log in and grab the flag.
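
Seen from the defending side, both findings above (a `robots.txt` entry that points at the admin page and test credentials left in an HTML comment) can be caught before a site is deployed. The Python check below is an added example, not part of the original walkthrough; the keyword lists and function names are assumptions chosen for illustration, and the sample input is constructed.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not from the original post): words that suggest a
# sensitive path or a leftover secret.
SENSITIVE_PATH = re.compile(r"admin|login|backup|config|internal", re.I)
SECRET_HINT = re.compile(r"credential|password|passwd|secret|api[_-]?key|token", re.I)
USER_PASS = re.compile(r"\b[\w.-]{3,}:[^\s:/]{6,}")  # shape of user:password

def risky_robots_entries(robots_txt):
    """Return Disallow paths that advertise a sensitive location."""
    hits = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()  # drop robots.txt comments
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and SENSITIVE_PATH.search(value):
            hits.append(value.strip())
    return hits

class _CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

def leaky_comments(html):
    """Return HTML comments that look like they contain credentials."""
    parser = _CommentCollector()
    parser.feed(html)
    parser.close()
    return [c for c in parser.comments
            if SECRET_HINT.search(c) or USER_PASS.search(c)]

# Constructed sample input mirroring what the walkthrough found.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin-login-page.php\nDisallow: /images/\n"
SAMPLE_HTML = """<html><body><!-- main nav -->
<form method="post"><input name="user"><input name="pass" type="password"></form>
<!-- TODO: remove test credentials admin:password123 -->
</body></html>"""

if __name__ == "__main__":
    print(risky_robots_entries(SAMPLE_ROBOTS))
    print(leaky_comments(SAMPLE_HTML))
```

Run over the rendered pages and `robots.txt` of a build before release, a non-empty result from either function is a reason to fail the pipeline. `robots.txt` is not an access control, so the admin page itself still needs authentication that does not rely on the path staying unknown.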