🌌Skyfall - HTB
https://app.hackthebox.com/machines/Skyfall


Foothold
Open ports

Fuzzing for vhosts


This shows it is MinIO, which is cloud object storage.


If you try to visit the MinIO metrics endpoint, it gives you a 403 Forbidden.

To bypass that, we can intercept the request with Burp Suite and add a tab character ("double tab") after the directory path.

That will show us a new domain we can use to communicate with MinIO objects.
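As an added, defender-side example (not part of the original writeup and not MinIO's code): the bypass above works because the access check and the route handler disagree about whether a trailing tab is part of the path. The script below scans access-log lines and flags any request whose canonicalized path falls under a restricted prefix but was still served with a non-error status. The log format, the RESTRICTED_PREFIXES policy and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in an assumed "METHOD PATH STATUS" shape.
# Line 2 carries literal tabs after the path, line 3 the percent-encoded form.
SAMPLE_LOG = [
    "GET /minio/metrics/v3 403",
    "GET /minio/metrics/v3\t\t 200",
    "GET /minio/metrics/v3%09%09 200",
    "GET /healthz 200",
]

# Assumed policy: these prefixes are supposed to be refused to anonymous callers.
RESTRICTED_PREFIXES = ("/minio/metrics",)

LINE_RE = re.compile(r"^(\S+) (.+) (\d{3})$")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
ENCODED_CONTROL_RE = re.compile(r"%(?:0[0-9a-f]|1[0-9a-f]|7f)", re.IGNORECASE)


def canonical_path(path: str) -> str:
    """Percent-decode, then strip control characters: the path an ACL should match on."""
    return CONTROL_RE.sub("", unquote(path))


def smuggling_reason(path: str):
    """Explain why the raw path looks like a normalisation bypass, or return None if clean."""
    if CONTROL_RE.search(path):
        return "raw control character in path"
    if ENCODED_CONTROL_RE.search(path):
        return "percent-encoded control character in path"
    return None


def scan_log(lines):
    """Return one finding per request whose canonical path is restricted but was not refused."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log shape
        method, raw_path, status = m.group(1), m.group(2), int(m.group(3))
        canon = canonical_path(raw_path)
        if canon.startswith(RESTRICTED_PREFIXES) and status < 400:
            findings.append({
                "method": method,
                "raw_path": raw_path,
                "canonical": canon,
                "status": status,
                "reason": smuggling_reason(raw_path)
                or "restricted path served without a control character",
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['method']} {f['canonical']} -> {f['status']}: {f['reason']}")
```

The mitigation is the same operation `canonical_path` performs: decode and strip control characters before the authorization decision, so the ACL and the handler see the same path.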

MinIO is vulnerable to information disclosure; see the link below for reference.

Now we can download the MinIO Client.
The first thing we need to do is configure the server.


Found many different versions.

What I did is undo twice, which reverts back twice, then download the backup file.


Downloading all versions, I found HashiCorp exports: a new domain and a token that will help later with authentication.

Now we can log in using the vault tool from HashiCorp, but as per the documentation we need to export VAULT_ADDR set to the found domain, then log in.

Now following this from the HashiCorp documentation.


Root
sudo -l

First create a new file "debug.log" for the "-d" flag to save the debug output to that file, then extract the used master token.

