Category Archives: hackthebox

Hackthebox Olympus Walkthrough

Initial Foothold – Crete Island

Nmap result:

Port 80 enumeration
– Dirbuster: no interesting pages or directories.
– Nikto: found an uncommon header, xdebug 2.5.5.
– Xdebug is a PHP extension that assists with debugging and development.
– Xdebug < 2.5.5 suffers from unauthenticated OS command execution.
– Exploit: https://github.com/vulhub/vulhub/blob/master/php/xdebug-rce/exp.py


Hackthebox Aragog Walkthrough

Nmap Result

FTP allows anonymous login; further enumeration reveals a “test.txt” file.
