Today's post is going to be a walkthrough of the steps I took to find the flag for the challenge question in the Web Enumeration section of the Getting Started module on Hack The Box Academy.
You can also watch the walkthrough here:
Quick Overview
This section talks about file/directory & DNS enumeration using tools such as ffuf or GoBuster, and provides some helpful tips for web enumeration. It dives into different sources and tools that can be used to find helpful information about a target. I encourage you to read through the module and attempt the challenge on your own first.
The Task and Target
Try running some of the web enumeration techniques you learned in this section on the server above, and use the info you get to get the flag.
Target:Β 94.237.56.188:34678 (I save this right away to my notes for this lab)
Hack The Box Academy gives you an instance of their virtual machine in order to do these questions. I prefer to use my own Kali Linux virtual machine, so I'll be using that during this walkthrough.
My approach to these tasks since I'm still very new is to basically try everything and see what happens. Since all of my efforts don't always lead to anything of use, I won't include those steps in this post. I do, however, keep extensive notes on everything I do. That way, if I come across something similar in the future, I can reference back to what I did. Also, since this is more just a walkthrough, I'll let you refer to the module for more information on the specifics of the commands and such.
Anyway, let's dive in! π
The Walkthrough
In lieu of using the provided Pwnbox which uses an instance of Parrot Linux, I will use my own Kali Linux virtual machine. Since I am using Parallels, my machine is setup with a default user that I log in with. To make things easier, I want to switch to the root user. To do this, I just run the command sudo su and enter my password.
Now that I'm the root user, I want to cd into / (Root directory) and run a scan on the target using GoBuster and the dirb common.txt wordlist.
gobuster dir -u http://94.237.56.188:34678 -w /usr/share/dirb/wordlists/common.txt
This can take several minutes, but once it's done you should have an output that looks similar to this:
I save the output to my notes, since it's easier to reference back to than scrolling back up in the command line.
Checking out the results of the output, we can see that there is a /robots.txt file with an HTTP status code of 200, which is a standard response for successful HTTP requests. You can find a handy cheat sheet of HTTP status codes here.
Let's next navigate to the target url in the browser, and append the /robots.txt to the end to see what we can come up with there.
Here, we can see that the robots.txt file contains one disallowed entry. Navigating to http://94.237.56.188:34678/admin-login-page.php in the browser brings us to an Admin Panel login page.
Let's take a look at the source code. You can either right-click and choose "Inspect" to open developer tools, or hit CTRL + U on your keyboard.
Inspecting the code, I can see a comment at the bottom that contains some test credentials.
I go back to the login page and enter the credentials, which brings us to the flag to submit and complete the challenge. π
I hope you enjoyed this walkthrough and found it helpful. Thanks for reading!
Connect with me:
Twitter: @sarah_schlueter
Discord: sarahmarie73
Top comments (0)