Category Archives: hackthebox

Hackthebox Olympus Walkthrough

Initial Foothold – Crete Island

Nmap result:

Port 80 enumeration
– Dirbuster: no interesting page/directory.
– Nikto: found uncommon header xdebug 2.5.5
– Xdebug is an extension for PHP to assist with debugging and development.
– Xdebug < 2.5.5 suffer from unauthenticated os command execution
– Exploit:

Continue reading

Hackthebox Aragog Walkthrough

Hackthebox Aragog Walkthrough:

Nmap Result

FTP allow anonymous login, further enumeration reveal “test.txt” file.

Continue reading