Starting with masscan port 53 is open which is for DNS. Lets see if we can transfer zones We discovered cronos.htb and admin.cronos.htb domains. Insert following in /etc/hosts file Browse both domains …. and admin domain Use a few common techniques to enter/bypass login like admin/admin, guest/guest, etc and finally tried with SQLi which worked. […]