Official discussion thread for Fingerprint. Please do not post any spoilers or big hints.
```
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http    Werkzeug httpd 1.0.1 (Python 2.7.17)
8080/tcp open  http    Sun GlassFish Open Source Edition 5.0.1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```
Does someone have a hint for the upload picture on the 8080 website?
Have you bypassed the login?
Like bees buzz, try and fuzz!
I rooted this box yesterday. This box was so cool! I would say, try making your own tools, enumeration really was the key!
One of my hardest insane machines although I loved the ride :>
I am an ICT student; for an assignment, I need to pentest the Fingerprint machine.
This is my first Hack-The-Box, by the way.
I found out that the login page on 10.10.11.127:8080/login is vulnerable to (Normal Blind) SQL injection.
I’ve searched for multiple tutorials to get in without credentials, but without success.
I have a payload for the username field that returns “UniqueResultException: query did not return a unique result: 2”
Can someone more experienced tell me what to do next? What is the best next step to take?
For the user flag, are we supposed to crack the password of the key file?
- For foothold, enumeration is the key, and backup is critical;
- For user, crack it or find one, one way or the other;
- For root, the path is clear, just go back to enumeration for a starting point.