HackTheBox – SEA Walkthrough

Enumeration

SEA is an easy Linux machine. I will show here a step by step walkthrough on how to pwn this box.

  1. First thing first. Copy the IP address into the /etc/hosts file.

2. Run an Nmap scan on the target machine.

The results of the nmap scan shows that it has open TCP port 80 and SSH port 22. We know that the SSH is not of use for us at the moment. But since we have a port 80 open. We will try and open that in the browser.

3. Typing http://sea.htb:80

4. Clicking on the HOW TO PARTICIPATE will scroll down to this page.

5. Notice the blue link “contact” clicking that link will bring us to a registration page.

NOTE: This is a “/contact.php” page

6. At this point, we may have to perform fuzzing to further enumerate the existence of sub-directories.

7. Our tool of choice for this is FFUF- a fast web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.

(Reference KALI LINUX website.)

NOTE: This machine is still active at Hack The Box. We will continue the rest of the write up after it is retired.

No comments