Metadata

  • Platform: HackTheBox
  • CTF: Headless
  • Difficulty: Easy

Summary

TODO

Solution

Reconnaissance

Nmap

sudo nmap -sC -sV -vv -oA headless 10.10.11.8

  • SSH on port 22 (Debian)
  • HTTP on port 5000 (Python), which sets a Base64-encoded cookie called “is_admin”

The cookie seems to be signed, so its value cannot simply be changed.
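
Why a signed cookie resists editing, shown as an added example (not code from the target application or from this write-up). The `payload.tag` layout, HMAC-SHA256 and the key are assumptions made for illustration; the real application's scheme is not shown on this page.

```python
import base64
import hashlib
import hmac

# Assumption: server-side secret, constructed for this example.
SECRET_KEY = b"constructed-example-key"


def b64e(data: bytes) -> str:
    """URL-safe Base64 without padding, as commonly seen in cookies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return '<b64 payload>.<b64 HMAC-SHA256 tag>' (assumed layout)."""
    payload = b64e(value.encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{b64e(tag)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the decoded value, or None if malformed or altered."""
    try:
        payload, tag_b64 = cookie.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(b64d(tag_b64), expected):
            return None
        return b64d(payload).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def swap_payload(cookie: str, new_value: str) -> str:
    """Change the readable part but keep the old tag, like a client-side edit."""
    _, tag = cookie.split(".")
    return f"{b64e(new_value.encode())}.{tag}"


if __name__ == "__main__":
    issued = sign_cookie("user")  # constructed sample value
    print(issued, "->", verify_cookie(issued))
    edited = swap_payload(issued, "admin")
    print(edited, "->", verify_cookie(edited))
```

The payload half decodes to readable text, which is why the cookie looks like plain Base64, but the server recomputes the tag and rejects any value it did not issue.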

Gobuster

TODO

Port 5000

The /contact page has input fields.

User Flag

TODO

Root Flag

TODO