🟥Name ➡️ Shoppy 🟥Release Date ➡️ 17 Sep 2022 🟥Retire Date ➡️ 14 Jan 2023 🟥OS ➡️ Linux 🟥Base Points Easy ➡️ [20] 🟥First Blood User 6 mins, 03 seconds 22sh 🟥First Blood Root 12 mins, 37 seconds 22sh 👉Shoppy was much easier to exploit From there, I’ll need the lighest of reverse enginnering to get a static password from a binary, which gets me to the next user. 👉I’ll start by finding a website and use a NoSQL injection to bypass the admin login page, and another to dump users and hashes. 👉This user is in the docker group, so I’ll load an image mounting the host file system, and get full disk access. 👉Shoppy was one of the easier HackTheBox weekly machines to exploit, though identifying the exploits for the initial foothold could be a bit tricky. 👉With a cracked hash, I’ll log into a Mattermost server where I’ll find creds to the box that work for SSH. 👉In Beyond Root, a video walkthrough of the vulnerable web-server code, showing how the injections worked, an...
🛡️Types of OS : Android 🌞Released on : 26th June 2021 ☢️Difficulty : Easy 👍Point: 20 💉Running nmap scan: nmap -vv — reason -Pn -A — osscan-guess — version-all -p- $IP -oN Explore.nmap nmap_scan.report 💉Running the nmap scan gives four ports port 2222 — ssh port 59777 — http port 5555 — adbshell {This can be found by looking on google } adb_shell_port ☢️Running FFUF ffuf -u http://explore.htb:59777/FUZZ -w /usr/share/wordlists/dirb/big.txt -t 200 -c ffuf_scan 😃Lets visit the web-page 😜As you can see its showing forbidden. So lets try some other directory. 😃And we get the same results. Lets try to enumerate port 59777 which service uses this port on android. ☺️we get this article from Daily-Swigg which explain the vulnerability in ES File explorer which exposes user data on open port and anyone can read it. 😏Lets try running FFUF on http://explore.htb:59777/sdcard/ ffuf_sdcard 😏Look like we found our first flag. So easy 😁The POC for the above vulnerability can be found o...