htb- three
hey there hope all is nice at your end !!
1>RUSTSCAN
The first thing i do is rust scan to see the open ports and all services running :>>>
2>NMAP SCAN
nmap -sC -sV -vv -oA 1 10.129.68.152
cat 1.nmap to see the results
after running the namp scan for services scan i get a domain thetoppers.htb and then i visited the domain and checked out the source code and there i get some .php ext file name with a directory
and then i just copied this dir and try to acess it
nothing here !!!
3>Gobuster
as we dont get anything else like any services vulnerable and alll so we got domain and one more info like this site is using php files so maybe it would help us (maybe )
before gobuster i just putted this domain into /etc/hosts
echo "10.129.68.152 thetoppers.htb" | sudo tee -a /etc/hosts
10.129.68.152 thetoppers.htb
and finally i go on the gbuster commmands like specially for append domains
so , i played a little lazy role here like i just gone throught the description and got to know like this stuff is given
so i made a wordlist incluided “s3” and saved that file as nice
so just used the command given below
gobuster vhost -w nice -u [<http://thetoppers.htb>](<http://thetoppers.htb/>) --append-domain
and then i just gone to this url and got the service running
AWS > GETTING REVERSE SHELL ON TARGET !!
Catch 1 > its s3 bucket subdomain and 2> its running
i just gone on the google and searched for some aws cli and then i putted on chatgpt to download the aswl cli tool !! and i downloaded it sucessfully !!!
and then i started to configure it like we have to configure the region and alll setting and for this i dont have much info so i just putted all fake and all stuff !!
after this i wasnt aware of the commands and then i runned
aws help
there you will get to know how to use it or like we can google this too!!
and the i got this bucket and now its like a boom moment , and then i started to go deeper !!
and then i was like ohkkey because there was nothign suspicious here as index.php was only website , and due to this i was like hell yeah i have to checkout more stuff on the source of the website but the instict was too lazy so that i just stucked here and was like ohkkey i am goona make some stuff here , wether it will work or not , i was thinking of uploading the file there so i created a file named “”rshell””
adn uploaded it sucessfully
and iw as like too lazy so i just said chatgpt to make a php outline but inside i need bash simpliccity shell so that i have test it normally i was not sure of working !!!
then i uploaded it using following command
so yeah i started to visit the domain like a dumb !!! ;) like s3.thetoppers.htb/rshell.php
so the file was downloading at all no doubt , but i was thinking of reverseshell and then i was like i made a mistake there and instead of doing this on subdomain i just done
http://thetoppers.htb/rshell.php
and after this i got revershell sucessfully !!!
i and as this was a started machine i just gone finding the like root.txt adn all that stuff and got nothing and then i gone to files like
i was going on linpeas.sh but i just check for flag.txt adn i got the flag !!
so thank you this is my first htb machine writeupp , do forgive me for any inconvenience by my english writing and all stuff !! suggestions are always open for me please do approach me for suggestion !! happy hacking !!
Last updated
Was this helpful?