🚩 (incomplete) HTB - Secure Notes
Executive Summary
- IP:
10.10.10.x - OS: Linux / Windows
- Key Technique: (e.g., SQLi → Cron Job Escalation)
- Status:
In Progress
Reconnaissance
Nmap Scan
# Paste initial scan hereWeb Enumeration
-
Technologies: (Apache, PHP, etc.)
-
Fuzzing Results:
-
/admin(403) -
/images(200)
-
Foothold (User)
Path: <% tp.file.cursor(1) %>
Step 1: Discovery
(What did you find?)
Step 2: Exploitation
(The exact payload or exploit used).
🐇 Rabbit Hole I spent time trying to brute force SSH.
- Correction: Always check for
id_rsakeys in web directories first.
Privilege Escalation (Root)
Current User: www-data
Enumeration
- LinPeas Findings:
Vulnerable Sudo version
Exploitation
Bash
# Commands to get root
Loot & Flags
-
User Flag:
hash_here -
Root Flag:
hash_here -
Credentials:
user:password
References: Link