
Soccer — Hack The Box | Writeup with Flag

Karthikeyan Nagaraj
Published in InfoSec Write-ups
8 min read · Dec 31, 2022

Phases…

  1. Scanning
  2. Enumeration
  3. Privilege Escalation

Make sure to connect to the HTB VPN.

1. Scanning

Perform an nmap scan first:
nmap -sC -sV <Machine-IP>

┌──(cyberw1ng㉿root)-[~]
└─$ nmap -sC -sV 10.10.11.194
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-31 22:45 IST
Nmap scan report for 10.10.11.194 (10.10.11.194)
Host is up (0.22s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
| 256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
|_ 256 5797565def793c2fcbdb35fff17c615c (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://soccer.htb/
|_http-server-header: nginx/1.18.0 (Ubuntu)
9091/tcp open xmltec-xmlmail?
| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, RPCCheck, SSLSessionReq, drda, informix:
| HTTP/1.1 400 Bad Request
| Connection: close
| GetRequest


Good job, but you shouldn't have posted the flags.

--

Thank you very much for your efforts. I tried sqlmap and I have used the Python code as it was mentioned, but at last I don't get the credentials even though it says the input is injectable.
Any help?

--