Hack The Box - Swagshop

Hakyza · August 7, 2019, 3:27pm

Hi, i’m new here and recently begin Hack The Box challenges.I begin with Swagshop but i cant do more than a nmap scan… So if someone can help me with hints or books that i can learn i would be very grateful.

0xf00f77 · August 7, 2019, 8:38pm

Hey there! I’d take a look at your Nmap output and continue to enumerate. What can you learn about each service on there? If there is a website, what tool can you use to enumerate the website? Continue to poke around and learn as much as you can about anything you find, and you can pwn swagshop!

The ippsec YouTube videos are very helpful for learning how some tools work, with some research into tools like dirbuster and learning a bit about how reverse shells are handled in his videos you can tackle a lot.

Hakyza · August 8, 2019, 10:26am

When you say to learn about each service on thre you mean try to find if the versions are old and have some vulnerabilities. It have a website, is using magento, probably try to find if magento has some vulnerabilities and use dirb to search for hidden web content. Thank you for the help 0xf00f77.

badcor · August 8, 2019, 11:49am

You should also check the very nice write up of @PresComm

Hakyza · August 8, 2019, 9:11pm

Thank you all for the support guys, i will do my best! And i will see your write up too @PresComm

Hakyza · August 9, 2019, 11:49pm

I think i’m on the right track. I will take more time because i want to know how the things work, the exploits, the shells, etc. If i need some help i will ask but ippsec is really good to learn, Thank you so much

petruknisme · August 14, 2019, 8:28am

If you need a little nudge, you can pm me on discord htb

petruknisme · August 19, 2019, 9:38am

@W4K3Y Petruknisme#5919

petruknisme · August 27, 2019, 3:40am

Feel free to ping me

system · September 6, 2019, 3:27pm

This topic was automatically closed after 30 days. New replies are no longer allowed.