Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we began by enumerating open services – finding ports 21 and 80 open. Looking at the source code on the webserver, we find out the CMS is Bludit version 3.9.2, which is vulnerable to a bruteforce protection bypass attack. After further […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 21, 22, and 80 open. Enumerating the webserver, we eventually find FTP credentials. After pulling files from the FTP server, we learn of another web sub-directory. Enumerating that sub-directory, we find a […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – notably finding ports 21, 80, 445, 135, 139, and 2049. From the network share, we find a hashed password for admin@htb.local, which after cracking it, allows us to log into Umbraco on the webserver. […]