
HackTheBox - RedPanda
Overview This machine begins with web enumeration, discovering /search, which is susceptible to an SSTI2RCE exploit due to insufficient input sanitization, allowing us to obtain a low-privilege/w...
Overview This machine begins with web enumeration, discovering that TCP/3000 is running Grafana, which is susceptible to a directory traversal & arbitrary file read vulnerability. With this vu...
Overview This machine begins with web enumeration; viewing the page source of the index page reveals a JavaScript file photobomb.js containing credentials for /printer. The /printer directory is a tool t...
Overview This machine begins with web enumeration, discovering /admin-dir, which contains credentials for FTP. FTP contains an archive of the web directory, revealing a directory utility-scripts that w...
Overview This machine begins with web enumeration, discovering login.php, a login page that is susceptible to an SQLi authentication bypass due to the lack of input sanitization. Next, we are redir...
Overview This machine begins with web enumeration, discovering that OpenNetAdmin 1.18.1 is running, which is susceptible to an RCE exploit, allowing us to obtain a low-privilege/www-data user. For...
Overview This machine begins with web enumeration, discovering that the webserver is running nostromo 1.9.6, which is susceptible to a directory traversal vulnerability that leads to RCE due to insu...
Overview This machine begins with web enumeration, discovering a subdomain (staging-order.mango.htb) by viewing the SSL certificate. staging-order.mango.htb is a login page that is susceptible...
Overview This machine begins with network enumeration, discovering a vulnerable service, Redis 4.0.9, that is susceptible to an RCE exploit; through the service, we are able to write an SSH public key ...
Overview This machine begins with thorough web enumeration, discovering several directories that contain the information necessary to proceed. The directory /admin contains a login page that is coded with ...