Sws202_seasonalctf

Be black or white, don’t try to be grey.

Room Information

  • Room Name: Darkcorp
  • Difficulty Level: Insane
  • Room type: Seasonal machine (CTF)
  • Platform: Hack The Box

Reconnaissance

Let’s run nmap and check what ports are open.

We have discovered 2 open ports: 22 (SSH) and 80 (HTTP). Since port 80 is open, let’s check the website.

We can see that the website redirects us to “drip.htb”, so let’s add that to our hosts file.

Let’s refresh the website.

I found that it is a mailing website. Next, I tried the functionality of dripmail.

The Contact Us form is working fine and my message was sent successfully. I have also signed up on the dripmail site.

But the sign-in is blocked by a firewall.

I noticed that it is redirected to “mail.drip.htb”.

Let’s add that to our hosts file (sudo nano /etc/hosts).

When refreshed, I got the login form.

So I used the credentials that I signed up with.

I was welcomed by a Gmail-like page.

Next, I also tried searching for subdirectories.

I found a dashboard subdirectory, let’s check that.

Ohh, that page is not found. Now I am stuck.

This post is licensed under CC BY 4.0 by the author.
