Enumeration

    export ipaddress=10.10.10.185
    ports=$(nmap -p- --min-rate=1000 -T4 $ipaddress | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
    nmap -A -p$ports $ipaddress -o nmap

    22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0)
    |_http-server-header: Apache/2.4.29 (Ubuntu)
    No exact OS matches for host (test conditions non-ideal).
    Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel
    Nmap done: 1 IP address (1 host up) scanned in 22.40 seconds

Okay, fairly simple, only ssh and http are open.

Let's see what it has to offer on port 80. Now, let's open up Firefox and browse to,

Viewing the source, we see that it has a link to login.php.

Trying admin/admin, we get wrong username or password.

While we are messing with the website, let's run content discovery on it in the background.

    ffuf -w /usr/share/dirb/wordlists/common.txt -u -e.

Seeing the login page, I have a feeling that this box might be about SQL injection.

Use FoxyProxy to pass the traffic to Burp. And, try logging in with admin/admin once again.

Now, the request gets intercepted; save it to a file. I saved it as request.txt in /root/hackthebox/magic/; you can choose where you want to save it.

    sqlmap -r request.txt -p username,password

Now, let's also take a look at the result of ffuf. Let's have a look at that.

But before we move on, let's take a look at what sqlmap did. We will use proxychains to pass sqlmap's traffic via Burp.

This is the configuration that I have in Proxychains:

    tail /etc/nf

    proxychains sqlmap -r request.txt -p username,password

Now, in Burp, look at the "HTTP History" tab within the "Proxy" tab.
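The `request.txt` saved from Burp is a raw HTTP request, and `-p username,password` only applies if both fields are present in its body. The following is an added example, not code from the original post: it parses such a file and reports any named parameter that is missing or a body that was truncated on save. The sample request, its headers and all function names are constructed assumptions.

```python
from urllib.parse import parse_qs

# Constructed sample of a saved login request. The path, host and credentials
# follow the post; the header set is an assumption.
SAMPLE_REQUEST = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: 10.10.10.185\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 29\r\n"
    "\r\n"
    "username=admin&password=admin"
)

FORM_TYPE = "application/x-www-form-urlencoded"


def parse_raw_request(raw):
    """Split a raw HTTP/1.x request into request line, headers and form fields."""
    # Burp writes CRLF line endings; an editor may rewrite them as LF. Accept both.
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    body = body.rstrip("\n")
    fields = parse_qs(body, keep_blank_values=True) if headers.get(
        "content-type", "").startswith(FORM_TYPE) else {}
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body, "fields": fields}


def missing_params(request, wanted):
    """Return the names in `wanted` that are absent from the form body."""
    return [name for name in wanted if name not in request["fields"]]


def length_matches(request):
    """True when Content-Length agrees with the saved body (no truncation)."""
    declared = request["headers"].get("content-length")
    return declared is not None and int(declared) == len(request["body"].encode())


if __name__ == "__main__":
    req = parse_raw_request(SAMPLE_REQUEST)
    print(req["method"], req["target"], missing_params(req, ["username", "password"]))
```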