GoodGames - HackTheBox
GoodGames machine(10.10.11.130) This box was an easy box with chance of exploring vulnerabilities like password reuse in organization, Server Side Template Injection and SQL injection to pwn a gaming website. Recon Starting with recon, port scan shows only 1 port is open. rustscan -a $IP -u 5000 -- -A PORT STATE SERVICE REASON VERSION 80/tcp open ssl/http syn-ack Werkzeug/2.0.2 Python/3.9.2 |_http-favicon: Unknown favicon MD5: 61352127DC66484D3736CACCF50E7BEB | http-methods: |_ Supported Methods: OPTIONS HEAD GET POST |_http-server-header: Werkzeug/2.0.2 Python/3.9.2 |_http-title: GoodGames | Community and Store In website footer it reveals hostname GoodGames.HTB Let's add that to our /etc/hosts file. Other enumeration like directory scan and vhost fuzzing doesn't reveal much other than that there is login panel, where we can sign-in and sign-up. Foothold: Sql injection and SSTI Clicking on account icon gives a login panel and option to signup. And any w...