Hack The Box — Postman

Executive Summary

Recon

nmap -sV -p1-65000 10.10.10.160
  • 22 (SSH)
  • 80 (Web App Apache)
  • 6379 (Redis key-value store 4.0.9)
  • 1000 (Web App MiniServ 1.910)

Enumerating

redis-cli -h 10.10.10.160
> CONFIG GET *

Exploitation

Crack Matt

ssh2john keymatt > mattpass
john --wordlist=~/Documents/passlist/rockyou.txt mattpass

Matt

Webmin Exploitation

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ardy

Ardy

Father of One Doughter and CyberSecurity Analyst