Medium
Cat [45 pts]
Challenge Description
Points: 45
Solves: 2683
- Enumerate the page to find a hidden .git directory, where you can review the source code of the application
- Find an XSS to get the admin token and a SQLi to get the username and password for the first user of the box
- The user is in a special group and can read logs; use this to leak the other user's password
- Find that Gitea is running internally, which has another XSS vulnerability to leak the root password
Enumeration
Starting with nmap
kali@kali:~/HTB/cat $ mkdir nmap
kali@kali:~/HTB/cat $ nmap -sC -sV -oA nmap/cat $IP
Starting Nmap 7.94SVN ( https://nmap.org )...
This writeup is protected, as the machine is currently active. Check back later for the writeup.