Love | HackTheBox Writeup
Love is an easy Windows-based machine in HackTheBox
Start with nmap scan found many open ports.
From the map scan, I found the DNS name and added to /etc/hosts.
Checking HTTP shows a login page, but I don’t have any credentials
I got some directories using ffuf.
Let’s use this later.
Then i checked the subdomain part and I got this website.
On clicking Demo, I redirected to another website that has the functionality to scan the file using URL.
I just typed 127.0.0.01 and I got this .
This is what I got in HTTP.
So I started checking every port and in 1 port I got these credentials.
I previously got a login page, I tried the credentials in there but no success.
Then I checked credentials in the admin directory which I got in directory brute-forcing using ffuf and got success.
I redirected to the dashboard.
This is a votingsystem.
There is an option to add new voters and also profile upload.
So I started to check file upload vulnerabilities.
As shown in the image i change some part in the code.
deleted ‘/votesystem’ from PAGE & URL because we don’t have that directory.
I run and I got the shell back with the exploit.
I uploaded linpeas and checked any privilege escalation techniques and I got this.
I uploaded that exploit and got reverse shell as SYSTEM in metasploit.