Hack the Box: FreeLancer

Challenge Lab: Web

Difficulty: Medium

“Can you test how secure my website is? Prove me wrong and capture the flag!”

Let’s start by pulling up the website:

I ran gobuster on the webpage to find more directories:

At /administrat, there is a login page:

And at /portfolio.php there is a log cabin image:

After doing some tests, I am going to use sqlmap to try some SQL Injection techniques.

You can choose “Y” for the prompts, and eventually it will spit out some data tables:

We can dump them further. The portfolio table just contained some basic website stuff, but the safeadmin table contained a bit more:

That password looks like bcrypt. Let’s throw it in hashcat. Sometimes bcrypt can take a LONG time to crack though, so while that is going I will attempt further enumeration:

I assume I am going to be using these credentials for that administrator page I found earlier. I ran gobuster on that page to see if I could get anything further from it:

I noticed that when I navigated to /panel.php I kept being redirected to /index.php. I tried to download panel.php with mysql.

Here it shows that it was downloaded and saved to my computer:

Let’s open up that file location:

You will find the flag nestled in there near the bottom! So there was no need to decrypt that password after all.

Happy Hacking! ❤




CTF Writeups to facilitate cyber education.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Shapes & Colors Learning Games Hack Free Resources Generator

Not the Kind of Phishing You Like

Threat Hunting for DGA Domains in Splunk DNS logs

InfoSecSherpa’s News Round Up for Wednesday, October 13, 2021

Series 1: 100 Ethereum stolen in 7 days - NFTs scamming grey area revealed/walk-through

What is Identify federation in AWS?

Anatomy of Brand Phishing Attacks on Instagram

Microsoft ION -Decentralized Identity

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


CTF Writeups to facilitate cyber education.

More from Medium

HTB: Artic Writeup w/o Metasploit

Website Hacking — Information Gathering, File Upload, Code Execution, File Inclusion

PortSwigger Web Security Academy Server-side topics — SQL Injection

HackTheBox — Monitors