Hackthebox - Heal

luadoles December 14, 2024, 10:45pm 1

Solve Heal Here…

macavitysworld December 15, 2024, 7:14am 2

find subdomains
check for lfi
get creds with lfi
limesurvey rce
check for config files
get user creds
login via ssh
check for running services
check configs again for acl secret
consul rce for root

Bluez88 December 16, 2024, 11:26am 3

Hey, can you please explain how you get LFI. I found the subdomain. Did a directory scan found no endpoints?

macavitysworld December 16, 2024, 2:32pm 4

on the subdomain you can download files.

1 Like