TUTORIAL HTB Tenet
by SyLZ - January 17, 2021 at 12:41 AM
#1
Unlock to view walkthrough.  :biggrin:

#2
Sweet walkthrough and the creds work.

However, you start with "Put the code below in a php file and execute it." How do you put the code on the server?

EDIT

Ah - read more - got it now.
#3
Where is the bak file location for the foothold in order to have the code for sator.php ?
#4
If you found sator.php just add .bak to it. Sator.php.bak and download it.

No need for it in this writeup.
#5
How did people find sator.php?
#6
(January 17, 2021 at 02:40 AM)Buttmuncher Wrote: How did people find sator.php?

There is a comment with a hint:
http://tenet.htb/index.php/2020/12/16/logs/#comment-2
#7
(January 17, 2021 at 02:45 AM)caueb Wrote:
(January 17, 2021 at 02:40 AM)Buttmuncher Wrote: How did people find sator.php?

There is a comment with a hint:
http://tenet.htb/index.php/2020/12/16/logs/#comment-2

Yeah - I saw that, but how do you get the website to give it up?

If you go to / it's actually hitting the WordPress URL.

If you try /../sator.php.bak it gets a 404.
#8
Anyone? I am pretty stuck finding this.
#9
(January 17, 2021 at 04:48 AM)Buttmuncher Wrote: Anyone? I am pretty stuck finding this.
The sator.php is on http://10.10.10.223/sator.php
#10
(January 17, 2021 at 04:48 AM)Buttmuncher Wrote: Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak
#11
(January 17, 2021 at 05:56 AM)0xvijay Wrote:
(January 17, 2021 at 04:48 AM)Buttmuncher Wrote: Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak

Thank you so much. I am an asshole!
#12
(January 17, 2021 at 05:56 AM)0xvijay Wrote:
(January 17, 2021 at 04:48 AM)Buttmuncher Wrote: Anyone? I am pretty stuck finding this.

Add a new vhost

sator.tenet.htb

then the file is in
http://sator.tenet.htb/sator.php.bak

I'm wondering how you were supposed to find that. I used ffuf to enumerate vhosts, but sator.tenet.htb did not supply me with a different response than let's say blabla.tenet.htb. Is there a logical way to find this out? Because I didn't start searching for sator.php on sator.tenet.htb because I thought that subdomain did not exist.
