HacktheBox - Blocky - Retired - Update

Recon

I'm using threader3000 to do my recon scan. It first does an up/down scan on all TCP ports, then suggests an nmap scan based on the results of the first scan. It automatically saves the output from nmap to an XML for you. I then convert the XML to HTML to make it easier to read.

    xsltproc ./blocky.htb/blocky.htb.xml -o blocky.html

So it looks like a Linux box. 4 ports are open:

    Port 21     FTP        Proftpd 1.3.5
    Port 22     SSH        OpenSSH 7.2p2
    Port 80     HTTP       Apache 2.4.18
    Port 25565  minecraft  1.11.2

Interesting seeing Minecraft on there… let's start with our normal enumeration.

Port 21: let's see if it allows anonymous connections. Nope.

We'll skip over SSH for right now; that usually is not the path on a HacktheBox machine.

What is it serving on port 80? Scrolling down we see a link that says login. Don't mind if we do. Let's check it out. A WordPress login portal... Poking around i