HTB Beep

Run a nmap scan to find for open ports.

Visiting port 80 will redirect to 443, which is a Elastix webserver.

Run a gobuster scan to find for directories.

A web mail portal.

An admin page.

Run a searchsploit

Google search the LFI exploit.

Use the LFI Exploit script below.

Found some credentials.

passw0rd & jEhdIekWmdjE

Login to the admin page with the 2nd password found.

Nothing much can be done.

Let’s use the credentials found to login into port 10000 aka webmin.

In the module config tab we are able to schedule a command. Let’s schedule a bash reverse shell nc listener.

Start up nc before the scheduled commands and root access is gained.

First flag is found in fanis

Root flag is found.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s