Security Blog, Rants, Raves, Write-ups, and Code
Cartographer
| Name: | Cartographer |
|---|---|
| Hint: | Some underground hackers are developing a new command and control server. Can you break in and see what they are up to? |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
 |
destiny  |
| Creator: | Arrexel  |
Web Challenges provide a web address with a unique port. ALL of the Web challenges have an address of "docker.hackthebox.eu." It is the port that changes. So, we fire up the instance and nav to the address.
A simple login page. Let's try the usual suspects (admin:admin; admin:password; SQL injection). Using 'or'1'='1 for both user and password, we get in!!
The URL now adds a ?info=home component. It looks like the site is using the info=whatever to query specific pagea. Just for kicks, let me change home to flag (So, ?info=flag).
OK....a) I got lucky; b) sometimes, it really is that easy.
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.