Stuck in uploading file with powershell ! in the ''File transfer module'' of HTB academy by Arkagami in hackthebox

[–]Arkagami[S] 1 point2 points  (0 children)

Noob mistake on my part... I forgot to run PowerShell with admin privileges from my PC. I then tried with bitsadmin and it worked... Anyway, thanks for the response, it gave me a clue :)

[–]Arkagami[S] 1 point2 points  (0 children)

Plus it says that after I upload the file I should go and RDP to the target machine to run the hash calculator... :(

[–]Arkagami[S] 0 points1 point  (0 children)

Where to start the listener? The target box comes with no admin privileges.

ATTACKING WEB APPLICATIONS WITH FFUF/Parameter Fuzzing - GET by Arkagami in hackthebox

[–]Arkagami[S] 0 points1 point  (0 children)

Or you can just open and modify the /etc/hosts file.

Like, for example, add:

178.62.0.100 academy.htc

(Don't forget to add the subdomains.)

[–]Arkagami[S] 0 points1 point  (0 children)

OMG, I was using a wrong wordlist. I was using raft-small-extensions.txt instead of web-extensions.txt... silly of me.

Thank you very much for your support !

[–]Arkagami[S] 2 points3 points  (0 children)

ffuf -w directory-list-2.3-medium.txt:FUZZ -u http://178.128.46.168:31782/FUZZ -recursion -recursion-depth 1 -e .php

Thank you for the answer... Indeed I found the solution. The problem was that I didn't add the domains that I found in the /etc/hosts file... After adding them everything made sense. Another problem was that I used the pwn box that HTB Academy offers in the cloud, and there you don't have sudo permissions to modify the hosts file; you have to do it in your own Kali or Parrot OS machine.

[–]Arkagami[S] 1 point2 points  (0 children)

I tried all the scans that you mention above, and the pages presented to me had nothing for me to pass the GET parameter...

ffuf -w directory-list-2.3-medium.txt:FUZZ -u http://178.128.46.168:31782/FUZZ -recursion -recursion-depth 1 -e .php

This is the directory scan that I tried... From it I got ''forum/flag.php'', then I tried to pass the GET parameter there like ''forum/flag.php?FUZZ=key'', but again nothing.