Hack The Box — BountyHunter Walkthrough
Hello guys, Hope you are good and well. We are gonna see the walkthrough of the BountyHunter machine in Hack The Box.
First, we start with a Nmap scan.
nmap -sC -sV 10.10.11.100
Now, there is only a web app running. The web app has a portal where it has some details of a CVE records.
So, now we will look for XXE vulnerability. Because the data is sent in XML format when looking at the burp request. Now, we will encode the payload with URL encode and Base64 in cyberchef and result of the payload is
Now, inserting this. We get the result in base64 when decrypting it shows the etc/passwd file like below,
Now, we will try to get the contents of the db file with the payload below which is generated by cyberchef.
After, inserting this payload, We will get the db.php file content.
Here, we can get the password. Now, we will try to login with the SSH for admin user and we failed and then we
Read the article