Usage

Information Gathering

Port and Service

Nmap scan report for 10.10.11.18
Host is up (0.025s latency).
Not shown: 65471 closed tcp ports (reset), 62 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 a0:f8:fd:d3:04:b8:07:a0:63:dd:37:df:d7:ee:ca:78 (ECDSA)
|_  256 bd:22:f5:28:77:27:fb:65:ba:f6:fd:2f:10:c7:82:8f (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://usage.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 91.69 seconds
┌──(me㉿kali)-[~/ctf/usage]
└─$ curl -sIL 10.10.11.18
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 29 Apr 2025 11:21:25 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://usage.htb/

Initial Access

pada halaman forget password rentan terhadap SQL Injection

disini saya menggunakan sqlmap untuk dumping dbnya

saya akan dump admin_users

disini saya crack dengan hashcat

saya mencoba login ke usage.htb tapi tidak bisa, saya teringat ada admin.usage.htb jadi saya login kesana dan berhasil masuk ke dashboard

PreviousBoardLightNextNibbles

Last updated