Hack the Box: Admirer

Admirer

User

Nmap scan
User-agent: *

# This folder contains personal contacts and creds, so no one -not even robots- should see it - waldo
Disallow: /admin-dir
[Internal mail account]
w.cooper@admirer.htb
fgJr6q#S\W:$P

[FTP account]
ftpuser
%n?4Wz}R$tTF7

[Wordpress account]
admin
w0rdpr3ss01!
FTP access
Broken credentials
Dirb scan of utility-scripts
Example file list
Adminer
$username = “waldo”;
$password = “&<h5b~yK3F#{PaPB&dA}{H>”
User access

Privlege escalation

Sudo settings
admin_tasks
Backup.py script
Overwriting the make_archive function
Running privesc script
Root reverse shell

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How we managed to hack the biggest Southeast Europe hackathon

How Passwordless SSH Login Works

Mobile Authentication for Identity and Access Management

A brief on Cisco Umbrella

Encryption: what do you need to know about it?

Harnessing Trusted Data is Essential for the Future of Supply Chain Management

GDPR and teleshopping. Did we pour the child out with the bath?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tellico Lungrevink

Tellico Lungrevink

More from Medium

The Beginning

Educator Mental Health: COVID-19 Edition

Language of Life