Return to forum

Exa · April 30, 2022 at 6:58 PM

New box.

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 34:a9:bf:8f:ec:b8:d7:0e:cf:8d:e6:a2:ce:67:4f:30 (RSA)
|   256 45:e1:0c:64:95:17:92:82:a0:b4:35:7b:68:ac:4c:e1 (ECDSA)
|_  256 49:e7:c7:5e:6a:37:99:e5:26:ea:0e:eb:43:c4:88:59 (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://graph.htb
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

I found http://internal.graph.htb/ and http://internal-api.graph.htb/graphql.

dude4695 · May 1, 2022 at 1:44 PM

(April 30, 2022, 06:58 PM)Exa Wrote: New box.

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 34:a9:bf:8f:ec:b8:d7:0e:cf:8d:e6:a2:ce:67:4f:30 (RSA)
|   256 45:e1:0c:64:95:17:92:82:a0:b4:35:7b:68:ac:4c:e1 (ECDSA)
|_  256 49:e7:c7:5e:6a:37:99:e5:26:ea:0e:eb:43:c4:88:59 (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to http://graph.htb
|_http-server-header: nginx/1.18.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

I found http://internal.graph.htb/ and http://internal-api.graph.htb/graphql.

http://internal.graph.htb/register
http://internal-api.graph.htb/admin/video/upload
http://internal-api.graph.htb/api/code
http://internal-api.graph.htb/api/verify
http://internal-api.graph.htb/api/register

yagama1light · May 1, 2022 at 5:10 PM

thnks

ozuurzzz · May 1, 2022 at 7:40 PM

Also http://internal.graph.htb/register is a valid path where you should provide an email and will receive an OTP.
I tried to brute force but didn't worked.

ozuurzzz · May 1, 2022 at 8:17 PM

Found that "Move that one image 5px down to make Phil Happy."

http://internal.graph.htb/tasks

Phil might be an user?

dude4695 · May 2, 2022 at 5:41 AM

(May 1, 2022, 08:17 PM)ozuurzzz Wrote: Found that "Move that one image 5px down to make Phil Happy."

http://internal.graph.htb/tasks

Phil might be an user?

these all are valid users

dude4695 · May 2, 2022 at 5:57 AM

http://internal.graph.htb/

add this key and value in cookie's Local Storage

username mark

username is key and mark is value
and go to
http://internal.graph.htb/profile
you will get panel access

Exa · May 2, 2022 at 6:26 PM

(May 2, 2022, 05:57 AM)dude4695 Wrote: http://internal.graph.htb/

add this key and value in cookie's Local Storage

username mark

username is key and mark is value
and go to
http://internal.graph.htb/profile
you will get panel access

I tried (Cookie: username=mark) but I get redirected back to the login page.

snailbreach · May 3, 2022 at 1:14 AM

(May 2, 2022, 06:26 PM)Exa Wrote:
(May 2, 2022, 05:57 AM)dude4695 Wrote: http://internal.graph.htb/

add this key and value in cookie's Local Storage

username mark

username is key and mark is value
and go to
http://internal.graph.htb/profile
you will get panel access

I tried (Cookie: username=mark) but I get redirected back to the login page.

It's localstorage not cookies

Exa · May 4, 2022 at 1:51 PM

(May 3, 2022, 01:14 AM)Internetdreams Wrote:
(May 2, 2022, 06:26 PM)Exa Wrote:
(May 2, 2022, 05:57 AM)dude4695 Wrote: http://internal.graph.htb/

add this key and value in cookie's Local Storage

username mark

username is key and mark is value
and go to
http://internal.graph.htb/profile
you will get panel access

I tried (Cookie: username=mark) but I get redirected back to the login page.

It's localstorage not cookies

Thanks for the clarification. Local storage works.