Hack The Box - Swagshop

Hakyza · August 7, 2019, 3:27pm

Hi, i’m new here and recently begin Hack The Box challenges.I begin with Swagshop but i cant do more than a nmap scan… So if someone can help me with hints or books that i can learn i would be very grateful.

0xf00f77 · August 7, 2019, 8:38pm

Hey there! I’d take a look at your Nmap output and continue to enumerate. What can you learn about each service on there? If there is a website, what tool can you use to enumerate the website? Continue to poke around and learn as much as you can about anything you find, and you can pwn swagshop!

The ippsec YouTube videos are very helpful for learning how some tools work, with some research into tools like dirbuster and learning a bit about how reverse shells are handled in his videos you can tackle a lot.

Hakyza · August 8, 2019, 10:26am

When you say to learn about each service on thre you mean try to find if the versions are old and have some vulnerabilities. It have a website, is using magento, probably try to find if magento has some vulnerabilities and use dirb to search for hidden web content. Thank you for the help 0xf00f77.

W4K3Y · August 8, 2019, 11:24am

Its not just about if the service has a vulnerability its also looking to see if there is anything unusual, like is it on a standard port and has it been configured correctly?

Also sometimes dirb or gobuster provide different results as well as using the “correct” word lists.

FYI - you are very close from what i remember.

badcor · August 8, 2019, 11:49am

You should also check the very nice write up of @PresComm

Hakyza · August 8, 2019, 9:11pm

Thank you all for the support guys, i will do my best! And i will see your write up too @PresComm

W4K3Y · August 9, 2019, 10:55am

Need any more help or are you on the right track?

Hakyza · August 9, 2019, 11:49pm

I think i’m on the right track. I will take more time because i want to know how the things work, the exploits, the shells, etc. If i need some help i will ask but ippsec is really good to learn, Thank you so much

petruknisme · August 14, 2019, 8:28am

If you need a little nudge, you can pm me on discord htb

W4K3Y · August 15, 2019, 12:18pm

@petruknisme im on HTB quite a lot could i get your discord tag?

petruknisme · August 19, 2019, 9:38am

@W4K3Y Petruknisme#5919

W4K3Y · August 19, 2019, 11:34am

Thanks would be good to do some boxes together in the future.

petruknisme · August 27, 2019, 3:40am

Feel free to ping me

system · September 6, 2019, 3:27pm

This topic was automatically closed after 30 days. New replies are no longer allowed.