Showing posts from September, 2019

Hack The Box - Bashed Write Up

HTB - Bashed

Basic

Difficulty: Easy

Tools:
- nmap
- python reverse shell script (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)
- gobuster
- LinEnum.sh (https://github.com/rebootuser/LinEnum)

Walkthrough

Recon

nmap scanning for the win!

    nmap -sC -A -oN nmap-initial 10.10.10.68

- -sC: Default script
- -A: Enable OS detection, version detection, script scanning, and traceroute
- -oN: Output scan in normal format

The result shows only tcp/80 is open. Let's navigate to the web page. It looks like a blog post mentioning a tool, phpbash. Click on the page to learn more. It mentions that: "I actually developed it on this exact server!" Hence, if we find out the location of phpbash, we can actually execute commands on the host!

To find the location, gobuster is a great tool for brute-forcing directories!

    # gobuster dir -u http://10.10.10.68 -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium.t