HTB Backdoor WIP writeup
This machine is proving to be difficult
1. Add to /etc/hosts
2. nmap to see points of entry
3. Let’s see if we can bruteforce SSH using Hydra
4. While Hydra runs, let’s see what technology is being used on the website
5. Let’s wpscan and see what comes up
6. wpscan vulnerable plugins (aggressive detection w/ free API key)
7. Use DuckDuckGo, Exploit DB, or your search engine of choice to find “ebook download directory traversal exploit db” (Exploit DB tends to have nice proofs of concept)
8. Test the proof of concept from Exploit DB
9. Sad hydra noises
10. Cat the wp-config.php file for plain text credentials
11. Let’s also try to get the /etc/passwd file (why not?)
12. ??? Not sure where to go from here so let’s nmap again with all ports (-p-), sometimes HTB likes to hide things or put UDP ports in
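
Steps 8, 10 and 11 read wp-config.php and /etc/passwd through the plugin's directory traversal, and on the web server those requests stand out in the access log. The following is an added example, not part of the original writeup: a Python scan of access-log lines for traversal-style file reads. The plugin path, the `file` parameter and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Files the writeup reads through the traversal (steps 10 and 11).
SENSITIVE = ("wp-config.php", "/etc/passwd")
# Combined Log Format: client ... "METHOD target PROTOCOL" status
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e%252f becomes ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def classify(target):
    """Return a reason string if the query string looks like a traversal file read."""
    query = fully_decode(urlsplit(target).query)
    if not query:
        return None
    hits = [name for name in SENSITIVE if name in query.lower()]
    if "../" in query or hits:
        return "traversal" + (":" + ",".join(hits) if hits else "")
    return None

def scan(lines):
    """Return (client, status, reason, target) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        reason = classify(target)
        if reason:
            # A 200 status means the file was probably served: rotate DB credentials.
            findings.append((client, int(status), reason, target))
    return findings

# Constructed sample log lines; plugin path and parameter name are placeholders.
SAMPLE_LOG = [
    '10.10.14.5 - - [01/Jan/2022:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '10.10.14.5 - - [01/Jan/2022:10:00:05 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 200 3100',
    '10.10.14.5 - - [01/Jan/2022:10:00:09 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1800',
    '192.0.2.7 - - [01/Jan/2022:10:01:00 +0000] "GET /?s=ebook HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE_LOG)` returns the two download requests and ignores the normal page view and the search query.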