search
githubEdit

Precious

hashtag
Enumeration

nmap -T4 -p- 10.129.80.85

  • Ports found

PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http

hashtag
HTTP server

triangle-exclamation

To make the website work I had to add the IP into hosts file

echo "10.129.80.85 precious.htb" >> /etc/hosts

  • Launch a self-hosted web server in the attacker machine to intercept and intercept the request with burp

Intercept traffic and send to repeater

With the repeater option we can identify interesting things in the response

The most prominent is related to WKHTMLTOPDF, and with a quick google we can find several exploits to it, however, none of them worked.

hashtag
Other possible vulnerable services

triangle-exclamation

TO BE CONTINUED ....

PreviousAmbassadorNextBlue

Last updated