🌌Skyfall - HTB

https://app.hackthebox.com/machines/Skyfall

proof of date/time of getting the foothold

Foothold

Open ports

Fuzzing for vhosts

here shows its minio which is cloud object storage

shows s3 buckets in the error message

if you try to visit the MinIO Metrics it will gives you 403 forbidden

to bypass that ,we can intercept the request with burpsuite and use tab character "Double tab" after the directory path

that's will show us a new domain we can use to communicate with MinIo objects

minio is vulnerable to information disclosure below link for more reference

LogoCVE-2023-21716 - Minio Information Disclosure VulnerabilityPingsafe Blog

now we can download MinIo Client

https://github.com/minio/mc

first thing we need to do is to configure the server

found many different versions

what i have done is undo twice and it will revert back twice then download the backup file

downloading all versions and found hashicorp exports ,new domain + token that gonna help later with authentication

now we can login using vault tool from hashicorp ,but as per documentation we need to export VAULT_ADDR to the found domain ,then we login

now following this from hashicorp documentation

LogoOne-Time SSH Passwords (OTP) - SSH - Secrets Engines | Vault | HashiCorp DeveloperOne-Time SSH Passwords (OTP) - SSH - Secrets Engines | Vault | HashiCorp Developer

Root

sudo -l

First create a new file "debug.log" for the flag "-d" to save the debug output to that file and extract the used master token

PreviousCrafty - HTBNextRegistryTwo - HTB

Last updated