Shibboleth - HackTheBox
Shibboleth Machine(10.10.11.124) Info: This was a medium linux box which aimed at teaching players about zabbix, mariadb command injection CVE and password reuse vulnerability. Recon: Starting with port scan, only one port is shown open, we can always run full port scan in background. rustscan -a 10.10.11.124 -u 5000` PORT STATE SERVICE REASON 80/tcp open http syn-ack UDP port scan As rustscan supports only TCP we will use nmap for UDP scanning. sudo nmap -sU 10.10.11.124: PORT STATE SERVICE 623/udp open asf-rmcp This port is used in remote remote monitoring systems. Running better nmap scan on it Let's add shibboleth.htb to our hosts file and also run vhost scanning in background. ffuf -u http://shibboleth.htb/ -w ~/wordlist/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.shibboleth.htb" -fc 302 /'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ...