Hack the Box: Admirer

Admirer

User

Nmap scan
User-agent: *

# This folder contains personal contacts and creds, so no one -not even robots- should see it - waldo
Disallow: /admin-dir
[Internal mail account]
w.cooper@admirer.htb
fgJr6q#S\W:$P

[FTP account]
ftpuser
%n?4Wz}R$tTF7

[Wordpress account]
admin
w0rdpr3ss01!
FTP access
Broken credentials
Dirb scan of utility-scripts
Example file list
Adminer
$username = “waldo”;
$password = “&<h5b~yK3F#{PaPB&dA}{H>”
User access

Privlege escalation

Sudo settings
admin_tasks
Backup.py script
Overwriting the make_archive function
Running privesc script
Root reverse shell

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store