Hack The Box - Swagshop

Hi, i’m new here and recently begin Hack The Box challenges.I begin with Swagshop but i cant do more than a nmap scan… So if someone can help me with hints or books that i can learn i would be very grateful. :slight_smile:

1 Like

Hey there! I’d take a look at your Nmap output and continue to enumerate. What can you learn about each service on there? If there is a website, what tool can you use to enumerate the website? Continue to poke around and learn as much as you can about anything you find, and you can pwn swagshop!

The ippsec YouTube videos are very helpful for learning how some tools work, with some research into tools like dirbuster and learning a bit about how reverse shells are handled in his videos you can tackle a lot.

2 Likes

When you say to learn about each service on thre you mean try to find if the versions are old and have some vulnerabilities. It have a website, is using magento, probably try to find if magento has some vulnerabilities and use dirb to search for hidden web content. Thank you for the help 0xf00f77. :smile:

Its not just about if the service has a vulnerability its also looking to see if there is anything unusual, like is it on a standard port and has it been configured correctly?

Also sometimes dirb or gobuster provide different results as well as using the “correct” word lists.

FYI - you are very close from what i remember.

You should also check the very nice write up of @PresComm

1 Like

I got pinged, and here I am!

I definitely agree with @0xf00f77 about IppSec’s videos. When I first started HTB earlier this year, I was completely lost and directionless in general. I ended up going through some playlists on IppSec’s channel and making notes of some common tools, common weaknesses, common misconfigurations, etc. Then, once you start doing these things over and over, you realize that there are only so many things that can possibly be wrong with a system conceptually. That’s why learning the kill chain and spending the proper amount of time at each stage is so important.

3 Likes

Thank you all for the support guys, i will do my best! And i will see your write up too @PresComm :slight_smile:

Need any more help or are you on the right track?

I think i’m on the right track. I will take more time because i want to know how the things work, the exploits, the shells, etc. If i need some help i will ask but ippsec is really good to learn, Thank you so much :slight_smile:

1 Like

If you need a little nudge, you can pm me on discord htb :slight_smile:

@petruknisme im on HTB quite a lot could i get your discord tag?

@W4K3Y Petruknisme#5919

Thanks would be good to do some boxes together in the future.

Feel free to ping me

This topic was automatically closed after 30 days. New replies are no longer allowed.