Hack the Box: Admirer



Nmap scan
User-agent: *

# This folder contains personal contacts and creds, so no one -not even robots- should see it - waldo
Disallow: /admin-dir
[Internal mail account]

[FTP account]

[Wordpress account]
FTP access
Broken credentials
Dirb scan of utility-scripts
Example file list
$username = "waldo";
$password = "&<h5b~yK3F#{PaPB&dA}{H>";
User access

Privilege escalation

Sudo settings
Backup.py script
Overwriting the make_archive function
Running privesc script
Root reverse shell




Tellico Lungrevink
