TUTORIAL HTB Fortress Synacktiv (DISCUSSION)
by pheonix2021 - April 27, 2021 at 08:58 PM
#1
Let's start boys !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Reply
#2
Goooooooooooo ahead :D
Reply
#3
only port 80 open and so far unable to find anything with gobuster.
it runs debian.
Reply
#4
After three hours of enumerating in search of something useful I found only huge rabbit holes.
Reply
#5
whats that budd can you share here
Reply
#6
speed is the key to finding something. also enumerate the vhosts
Reply
#7
(April 29, 2021 at 03:40 PM)n3m3n91 Wrote: speed is the key to finding something. also enumerate the vhosts

What did you use as a wordlist to discover the vhost? I have used several but without results ...
Reply
#8
ffuf -u http://hackfail.htb/ -H "Host: FUZZ.hackfail.htb" -w /usr/share/seclists/Discovery/DNS/dns-Jhaddix.txt -timeout 100 -t 1 -fs 10676
Reply
#9
I don't see the difference between dev and main site, except "X-Robots-Tag: noindex" header.. All three protected urls I found is "Restricted to Administrators".. Any hints?
Reply
#10
There is waf
If you bypass you can do deserialisation
Reply
#11
(April 30, 2021 at 06:14 PM)paulwatson42016 Wrote: There is waf
If you bypass you can do deserialisation

Where do you see the deserialisation? I managed to extract the app's source code but don't see a vuln in it, even the special usename which can be found in the code should does not really help...
Reply
#12
(April 30, 2021 at 06:14 PM)paulwatson42016 Wrote: There is waf
If you bypass you can do deserialisation

Are you trying to misguiding us, Elon Musk? 😀
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL HTB Love [DISCUSSION!!] En3rypt3D 40 4,709 Yesterday at 08:04 PM
Last Post: Juicybitch88
TUTORIAL ATTENDED [DISCUSSION] 0xvijay 89 25,912 May 04, 2021 at 10:40 AM
Last Post: Destroy3r3
TUTORIAL Weather App [Discussion] n3m3n91 23 5,572 April 24, 2021 at 10:19 AM
Last Post: admin2021

 Users browsing this thread: 2 Guest(s)