Skip to content
📦 Hack the Box

Precious

Enumeration

Section titled “Enumeration”
Terminal window
nmap -T4 -p- 10.129.80.85
  • Ports found
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http

HTTP server

Section titled “HTTP server”

  • Launch a self-hosted web server in the attacker machine to intercept and intercept the request with burp
python3 -m http.server 80

Intercept traffic and send to repeater

With the repeater option we can identify interesting things in the response

The most prominent is related to WKHTMLTOPDF, and with a quick google we can find several exploits to it, however, none of them worked.

Other possible vulnerable services

Section titled “Other possible vulnerable services”