Attacking Common Applications - Skills Assessment II

pavka · May 6, 2023, 9:21am

Try: ffuf -w subdomains-10000.txt -H “Host: FUZZ.inlanefreight.local” -u http://MACHINE_IP -fs {size}

pavka · May 6, 2023, 10:28am

Can you please give me a hint what exploit did you use to get root user?
I tried different things, but got only RCE with www-data exploiting Nagios

baddogg · May 6, 2023, 10:47am

I used metasploit, search Nagios XI 5.7.5 and there are two exploit.

pavka · May 6, 2023, 11:13am

Thx, got it!
My mistake was that I thought that the flag is in /root folder, but it was in /usr/local/nagiosxi/html/admin

baddogg · May 6, 2023, 11:16am

I’m glad you solved

desertCoyote · May 28, 2023, 1:33pm

Can anyone help with getting the admin password. I have tried the default creds as well as bruteforcing using rockyou.txt but no lick

desertCoyote · May 29, 2023, 6:00am

nvm solved it

yousoc · June 27, 2023, 11:45am

i am stuck in the first question in the lab [Attacking Common Applications - Skills Assessment II]
What is the URL of the WordPress instance?

i did resolve all the other question exept the fisrt one , ant hint please

dannoura · July 24, 2023, 8:32pm

To help others reading this, try FFUF-ing.

shatners_bassoon · July 28, 2023, 10:08pm

Thanks for the clue! i spent hours doing it the hardway!

merz · October 25, 2023, 10:58am

I cant find the third vHost if my life dependend on it I have done all except that one the format i am using is this n*****.something.something

h4ck3r28 · November 11, 2023, 8:06pm

Hello dear. I am stuck at the same point. Did you get it finally ?
I have found it.

Baudejas · November 27, 2023, 5:14am

This was very easy.Everything you need is in Gitlab projects. Vhost for network monitor is there, password and username is also there. When you login to network monitor research for exploit.

CrimsonTiger · December 22, 2023, 7:50am

How did you find the wordpress url, what wordlist did you use for ffuf and is it just the gitlab.inlanefreight.local:8180 domain?

h4ck3r28 · December 23, 2023, 4:49am

Hello. I think @Baudejas already answered your question. but for wordlist you can use the following /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt

CrimsonTiger · December 24, 2023, 2:06am

isnt that wordlist for subdomains not wordpress?

h4ck3r28 · December 24, 2023, 4:55am

The wordpress URL is a subdomain or vhost.

subrealz · September 11, 2024, 7:41am

OK Guys. It is an easy one. But for some reason, the first answer does not like the https in the URL. just make it http instead and stop looking endlessly.

voyager77 · September 19, 2024, 3:44pm

Why are the questions in HTB Academy so vague.
They could simply ask, “What are the other vhosts?” or "What theme is being used in WordPress?
And trailing slash is not accepted.

http://xxxxx.inlanefreight.local/

yamish2005 · November 7, 2024, 11:07am

how did u find it ???

Topic		Replies	Views
Attacking Common Applications - Skills Assessment II Academy	0	369	July 2, 2023
Attacking Common Applications, Skills Assessment II Academy	4	921	November 5, 2023
Attacking common applications \| HTB Academy Academy	48	7243	December 13, 2024
Attacking Common Applications - Gitlab Academy	4	57	November 22, 2024
Service Authentication Brute Forcing Academy	11	1123	January 26, 2022

Attacking Common Applications - Skills Assessment II

Related topics