tips for flujab from hackthebox

after getting root i finally can take off my clown suit and post some tips and hints for hackthebox flujab box.

initial foothold:
1. automated tools can and will fail, partially or completely. i used wfuzz for web enumeration, it couldn’t deal with random connection failures, but gave me some results. however, all the needed info can be harvested manually by just simple web-browsing.
sqlmap was useless for me.
2. disregard all unrelated stuff. you must hunt for some flu, not flowers or smth else.
3. thoroughly check ssl cert. with smth like this:

echo | openssl s_client -showcerts -servername flujab.htb -connect flujab.htb:443 2>/dev/null | openssl x509 -inform pem -noout -text

4. examine all http cookies. find out how they can help to configure smth.
5. get some syringe xD to inject something into nurse.
6. a debugging smtp server can be brought up like this (the smtpd module was removed in python 3.12, so this needs an older interpreter):

python -m smtpd -n -c DebuggingServer your_ip:25

7. at this point you should also be in scope. don’t dig too deep, everything you need is in front of you. if you can’t access what you want, probably try it on another port.

supereasy. check whitelisting process and thoroughly RTFM.
