Hack the Box: FreeLancer
Challenge Lab: Web
Difficulty: Medium
“Can you test how secure my website is? Prove me wrong and capture the flag!”
Let’s start by pulling up the website:

I ran gobuster on the webpage to find more directories:

At /administrat, there is a login page:

And at /portfolio.php there is a log cabin image:

After doing some tests, I am going to use sqlmap to try some SQL injection techniques.

You can choose “Y” for the prompts, and eventually it will spit out some data tables:

We can dump them further. The portfolio table just contained some basic website stuff, but the safeadmin table contained a bit more:

That password looks like bcrypt. Let’s throw it in hashcat. Sometimes bcrypt can take a LONG time to crack though, so while that is going I will attempt further enumeration:

I assume I am going to be using these credentials for that administrator page I found earlier. I ran gobuster on that page to see if I could get anything further from it:

I noticed that when I navigated to /panel.php I kept being redirected to /index.php. I tried to download panel.php with mysql.
Here it shows that it was downloaded and saved to my computer:

Let’s open up that file location:

You will find the flag nestled in there near the bottom! So there was no need to decrypt that password after all.
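As an added defender-side example (not part of the original write-up), here is a small Python log scanner that flags the two stages of the chain above in web access logs: sqlmap-style injection probes against portfolio.php, and a MySQL LOAD_FILE read of panel.php through the same injection point. The log lines, the `id` parameter and the file path are constructed assumptions; the write-up does not show which parameter was injectable.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed Apache combined-format log lines modelling the chain in the
# write-up: sqlmap probing portfolio.php, then reading panel.php through the
# same injection. Parameter name, path and addresses are assumptions.
SAMPLE_LOG = """\
10.10.14.5 - - [01/May/2020:10:00:01 +0000] "GET /portfolio.php?id=2 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
10.10.14.5 - - [01/May/2020:10:00:02 +0000] "GET /portfolio.php?id=2%27%20AND%201%3D1%20--%20 HTTP/1.1" 200 1834 "-" "sqlmap/1.x (http://sqlmap.org)"
10.10.14.5 - - [01/May/2020:10:00:03 +0000] "GET /portfolio.php?id=2%20UNION%20ALL%20SELECT%20NULL%2CLOAD_FILE%28%27%2Fvar%2Fwww%2Fhtml%2Fadministrat%2Fpanel.php%27%29%2CNULL--%20 HTTP/1.1" 200 9120 "-" "sqlmap/1.x (http://sqlmap.org)"
10.10.14.7 - - [01/May/2020:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Indicators checked on the URL-decoded query string, most severe first.
FILE_READ_RE = re.compile(r"(?i)load_file\s*\(")
SQLI_RE = re.compile(r"(?i)(\bunion\b.*\bselect\b|\b(?:or|and)\b\s+\d+=\d+|sleep\(|benchmark\()")

def classify(line):
    """Return (severity, reason) for one log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(unquote_plus(m.group("target"))).query
    if FILE_READ_RE.search(query):
        return ("high", "file read via SQL injection")
    if SQLI_RE.search(query):
        return ("medium", "SQL injection probe")
    if m.group("ua").lower().startswith("sqlmap"):
        return ("low", "sqlmap user agent")
    return None

def scan(log_text):
    """Return a list of (ip, path, severity, reason) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            m = LOG_RE.match(line)
            path = urlsplit(unquote_plus(m.group("target"))).path
            hits.append((m.group("ip"), path, *verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The file-read stage only works when the database account holds the FILE privilege, so alongside parameterised queries, dropping that privilege from the web application's database user removes this second step entirely.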
Happy Hacking! ❤