hackthebox bounty walkthrough

Starting with nmap port 80 shows just a picture named merlin.jpg. Possibly a user in the box. Doing gobuster and scanning with .aspx extension we get two things of interest. First transfer.aspx where we can upload files and second UploadedFiles where we get to access the files we uploaded. Doing enumeration, we find that we […]

hackthebox – bastard – windows

Starting with nmap. Scan all ports with masscan Doing another scan in open ports using default script. port 80 reveals Drupal website. Looking at CHANGELOG.txt we are using Drupal version 7.54. Simple Google searching, we found another exploit here. Oopss!! let me try that again. Sweet! I am iusr. what can I do?? Let’s grab […]