Return to forum
RainyDay - HTB [Discussion]
by - Thursday, January 1, 1970 at 12:00 AM
Elite User
Elite
Posts: 132
Threads: 0
Joined: N/A
Reputation: 5

#1
October 15, 2022 at 5:27 PM
Good luck everyone :)
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#2
October 15, 2022 at 7:19 PM
Hay una ruta posible que está en la fuente de /login /var/www/rainycloud/./app.py

I doubt this will do any good

One question, is the login and register functional?
Reply
Member
Member
Posts: 22
Threads: 0
Joined: N/A
Reputation: 0

#3
October 15, 2022 at 7:20 PM
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 48:dd:e3:61:dc:5d:58:78:f8:81:dd:61:72:fe:65:81 (ECDSA)
|_ 256 ad:bf:0b:c8:52:0f:49:a9:a0:ac:68:2a:25:25:cd:6d (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://rainycloud.htb
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 (94%), Linux 5.0 - 5.3 (94%), Linux 5.4 (94%), Linux 5.0 - 5.4 (94%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 705.51 ms 10.10.16.1
2 451.98 ms 10.129.229.31

login page - http://rainycloud.htb/login

subdomain
---------
dev.rainycloud.htb - access denied - invalid ip

(October 15, 2022, 07:19 PM)coder1777 Wrote: Hay una ruta posible que está en la fuente de /login /var/www/rainycloud/./app.py

I doubt this will do any good

One question, is the login and register functional?


yes
Registration is currently closed bruh......
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#4
October 15, 2022 at 7:28 PM
(October 15, 2022, 07:19 PM)coder1777 Wrote: Hay una ruta posible que está en la fuente de /login /var/www/rainycloud/./app.py

I doubt this will do any good

One question, is the login and register functional?

I just found some routes

[quote pid="660122" dateline="1665861575"]
/new
[/quote]
[quote pid="660122" dateline="1665861575"]
/register
[/quote]
[quote pid="660122" dateline="1665861575"]
/login
[/quote]
[quote pid="660122" dateline="1665861575"]
/api
[/quote]
[quote pid="660122" dateline="1665861575"]
/log out
[/quote]
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#5
October 15, 2022 at 7:30 PM
(October 15, 2022, 07:20 PM)contenedor de basuraX0 Wrote: SERVICIO DE ESTADO DEL PUERTO VERSIÓN
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocolo 2.0)
| ssh-hostkey:
| 256 48:dd:e3:61:dc:5d:58:78:f8:81:dd:61:72:fe:65:81 (ECDSA)
|_ 256 ad:bf:0b:c8:52:0f: 49:a9:a0:ac:68:2a:25:25:cd:6d (ED25519)
80/tcp abrir http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
| _http-title: no seguí el redireccionamiento a http://rainycloud.htb
Advertencia: los resultados de OSScan pueden no ser confiables porque no pudimos encontrar al menos 1 puerto abierto y 1 puerto cerrado
Suposiciones agresivas de SO: Linux 4.15 - 5.6 (95 %), Linux 5.3 - 5.4 (95 %), Linux 2.6.32 (95 %), Linux 5.0 (94 %), Linux 5.0 - 5.3 (94 %), Linux 5.4 ( 94 %), Linux 5.0 - 5.4 (94 %), Linux 3.1 (94 %), Linux 3.2 (94 %), Cámara de red AXIS 210A o 211 (Linux 2.6.17) (94 %)
No hay coincidencias exactas de sistema operativo para el host ( condiciones de prueba no ideales).
Distancia de red: 2 saltos
Información de servicio: SO: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (usando el puerto 80/tcp)
DIRECCIÓN HOP RTT
1 705.51 ms 10.10.16.1
2 451.98 ms 10.129.229.31

página de inicio de sesión - http://rainycloud.htb/login

subdominio
---- -----
dev.rainycloud.htb - acceso denegado - ip inválida

(October 15, 2022, 07:19 PM)codificador1777 Wrote: Hay una ruta posible que está en la fuente de /login /var/www/rainycloud/./app.py

Dudo que sirva de algo

Una pregunta, ¿funciona el inicio de sesión y el registro?



El registro está actualmente cerrado bruh......

Apparently you have to be logged in to be able to do something...

probably api endpoint enumeration?
Reply
Member
Member
Posts: 21
Threads: 0
Joined: N/A
Reputation: 0

#6
October 15, 2022 at 7:33 PM
There is user jack, but I haven't found a password
Reply
Member
Member
Posts: 44
Threads: 0
Joined: N/A
Reputation: 0

#7
October 15, 2022 at 7:35 PM
When you try to login with invalid credentials check view-source you'll see this

Error - Login Incorrect!

Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#8
October 15, 2022 at 7:40 PM
(October 15, 2022, 07:30 PM)coder1777 Wrote:
(October 15, 2022, 07:20 PM)contenedor de basuraX0 Wrote: SERVICIO DE ESTADO DEL PUERTO VERSIÓN
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocolo 2.0)
| ssh-hostkey:
| 256 48:dd:e3:61:dc:5d:58:78:f8:81:dd:61:72:fe:65:81 (ECDSA)
|_ 256 ad:bf:0b:c8:52:0f: 49:a9:a0:ac:68:2a:25:25:cd:6d (ED25519)
80/tcp abrir http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
| _http-title: no seguí el redireccionamiento a http://rainycloud.htb
Advertencia: los resultados de OSScan pueden no ser confiables porque no pudimos encontrar al menos 1 puerto abierto y 1 puerto cerrado
Suposiciones agresivas de SO: Linux 4.15 - 5.6 (95 %), Linux 5.3 - 5.4 (95 %), Linux 2.6.32 (95 %), Linux 5.0 (94 %), Linux 5.0 - 5.3 (94 %), Linux 5.4 ( 94 %), Linux 5.0 - 5.4 (94 %), Linux 3.1 (94 %), Linux 3.2 (94 %), Cámara de red AXIS 210A o 211 (Linux 2.6.17) (94 %)
No hay coincidencias exactas de sistema operativo para el host ( condiciones de prueba no ideales).
Distancia de red: 2 saltos
Información de servicio: SO: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (usando el puerto 80/tcp)
DIRECCIÓN HOP RTT
1 705.51 ms 10.10.16.1
2 451.98 ms 10.129.229.31

página de inicio de sesión - http://rainycloud.htb/login

subdominio
---- -----
dev.rainycloud.htb - acceso denegado - ip inválida

(October 15, 2022, 07:19 PM)codificador1777 Wrote: Hay una ruta posible que está en la fuente de /login /var/www/rainycloud/./app.py

Dudo que sirva de algo

Una pregunta, ¿funciona el inicio de sesión y el registro?



El registro está actualmente cerrado bruh......

Apparently you have to be logged in to be able to do something...

probably api endpoint enumeration?
(October 15, 2022, 07:35 PM)achillescarter Wrote: When you try to login with invalid credentials check view-source you'll see this

                                <!-- Sign In Form -->
                               
                                <!-- RainyCloud-4: TODO - Remove debug errors from prod -->
                                <h4> Error - Login Incorrect! <!-- /var/www/rainycloud/./app.py:288 --></h4>

I will use cewl to create a dictionary based on the words of the web, let's see what is interesting

nothing interesting...
Reply
Member
Member
Posts: 15
Threads: 0
Joined: N/A
Reputation: 1

#9
October 15, 2022 at 7:57 PM
Hello,

The hash of passwords can be leak:

http://rainycloud.htb/api/user/1.0

jack:$2a$10$bit.DrTClexd4.wVpTQYb.FpxdGFNPdsVX8fjFYknhDwSxNJh.O.O
root:$2a$05$x4nSvCqGHZBmBQnmNM2nXeWDzVvvsXaJiHsSv1pwZnxrcBFbOibZS
gary:$2b$12$WTik5.ucdomZhgsX6U/.meSgr14LcpWXsCA0KxldEw8kksUtDuAuG
Reply
Member
Member
Posts: 30
Threads: 0
Joined: N/A
Reputation: 1

#10
October 15, 2022 at 8:08 PM
Unable to crack those hashes with hashcat -m 3200
Reply


 Users viewing this thread: RainyDay - HTB [Discussion]: No users currently viewing.