Hack the Box: Admirer



Nmap scan
User-agent: *

# This folder contains personal contacts and creds, so no one -not even robots- should see it - waldo
Disallow: /admin-dir
[Internal mail account]

[FTP account]

[Wordpress account]
FTP access
Broken credentials
Dirb scan of utility-scripts
Example file list
$username = "waldo";
$password = "&<h5b~yK3F#{PaPB&dA}{H>";
User access

Privilege escalation

Sudo settings
Backup.py script
Overwriting the make_archive function
Running privesc script
Root reverse shell




Tellico Lungrevink
