Format - incomplete
Level - Medium
Enumeration
Nmap scan
On the initial visit to the machine's IP, we are redirected to app.microblog.htb (let's add this to our /etc/hosts file).
We now have the src code of the website, so let's clone & analyse it.
Upon looking into the microblog folder, we found 2 subdomains: app & sunny. Let's add sunny to our /etc/hosts file.
Sunny's subdomain is nothing but a blog written & posted by him.
On the homepage we noticed that we can get a subdomain by registering, so let's do it.
LFI
After registering, we can now create subdomains.
Let's add this to our /etc/hosts file.
Create a blog
After visiting your subdomain, you can now see the blog content.
Why LFI?
If you check the src code, whatever we send inside the id parameter gets written inside our blogContents of microblog/microblog/sunny/edit/index.php
Let's add the location of /etc/passwd & see if it works.
I surfed for a while & found no important files that can help us to get a rev shell on the machine.
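On the defensive side, the fix for this class of bug is to stop treating the id parameter as a path. The following PHP is an added example, not code from the Microblog source; CONTENT_DIR and resolveContentPath() are hypothetical names, and the id format (short lowercase alphanumeric) is an assumption:

```php
<?php
// Added example, not code from the Microblog source. CONTENT_DIR and
// resolveContentPath() are hypothetical names used for illustration.
const CONTENT_DIR = '/tmp/microblog-demo/content';

/**
 * Map a user-supplied id to a file inside CONTENT_DIR, or return null.
 */
function resolveContentPath(string $id): ?string
{
    // 1. Allowlist: short alphanumeric ids only (assumed id format). This
    //    rejects "/", "..", NUL bytes and absolute paths such as /etc/passwd.
    if (!preg_match('/\A[a-z0-9]{1,32}\z/', $id)) {
        return null;
    }
    $base = realpath(CONTENT_DIR);
    if ($base === false) {
        return null; // content directory missing: fail closed
    }
    $path = $base . DIRECTORY_SEPARATOR . $id;
    // 2. Defence in depth: if the entry already exists (for example as a
    //    symlink), its resolved location must still be inside $base.
    if (file_exists($path) || is_link($path)) {
        $real = realpath($path);
        if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            return null;
        }
    }
    return $path;
}

// Constructed demo inputs: one well-formed id and three path-style values.
@mkdir(CONTENT_DIR, 0700, true);
foreach (['a1b2c3', '/etc/passwd', '../../../../etc/passwd', "abc\0.txt"] as $id) {
    $result = resolveContentPath($id);
    printf("%-32s => %s\n", json_encode($id, JSON_UNESCAPED_SLASHES), $result ?? 'rejected');
}
```

Only the first input resolves to a path; the other three are rejected before any file function sees them.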
While reviewing the src code of edit/index.php, I saw there's something called pro feature.
Let's try to get a pro version on our account.
-------- the machine went vip sry couldn't complete :(
------- I'll surely complete this once I get VIP.