TryHackMe write-up: The Marketplace

Introduction

This is my write-up for TryHackMe's The Marketplace Room.

Enumeration

Using nmap, I found that this box had 3 ports open.


Checking both ports 80 and 32768, we see the same website:


Looking at 1 item, I saw that there's a contact author and report to admins option.


Clicking on either link brought me to the login page.


It's a good thing I can also sign up to this site:


Prior to signing up and logging in, I checked for robots.txt.  I found that there's a "hidden" folder.


Checking this folder, I found that I needed to do something to access it.


TryHackMe write-up: Revenge

Introduction

This is my write-up for TryHackMe's Revenge Room.  As can be seen in the note, this room is actually a continuation of another room, Blog.  The write-up for that is found in TryHackMe write-up: Blog.

After hacking Billy's website, he tracks us down and sends us the following note.


Enumeration

Using nmap, I saw that this box has 2 ports open.


Checking port 80, we see that it is hosting the company's website:


I wanted to check the products page so I checked the first product they were selling.


Funny though is that the product id is listed as part of the URL.  In this case, it is http://10.10.151.163/products/1.  I then checked what would happen if I typed in a non-existent product id, say 999: 

TryHackMe write-up: Res

Introduction

This is my write-up for TryHackMe's Res Room.

Enumeration

Using nmap, I saw that this box has 2 ports open.


Checking port 80, I found that it is running Apache.