HDC Web Challenge — HackTheBox
After Lernaean Web Challenge it’s time to publish the solution of HDC Web Challenge.
On opening the IP/Domain:IP we have the below page.
It is a login panel of HADES DISTRIBUTION COMPANY. Common usernames and passwords do not work here.
Let’s move onto checking the source code.
So the form has the value of “name1” & “name2”. Nothing else here.
We have two more js files included. Let’s check them one by one.
myscripts.js do not contain any valuable information. Let’s check the second one. The second one is quite large file. So let’s narrow down our search. From the source code of form we knew two values. Let’s find them.
Finding the name1 value.
We got the value for name1. Let’s find the value of for name2.
We got the value for name2 as well. Let’s try to log into the panel using these values.
We are successfully logged into the panel.
There is nothing special for us in the Goals and Publicity panels. We have to focus on Main Tasks panel.
So we can send the emails using this CONTROL PANEL. But for that we need to find the users and their emails. Let’s check the MailBox.
Ohkay so this is Special Customer’s Mailbox. Nothing seems to be here as well. But wait! why is there a text icon. Let’s open this in new tab.
It is just a gif image but wait. Did you noticed the URL in the address bar. The “secret_area_”. Let’s try to check if there is Directory Listing here.
Oh yes!. We have successfully found the mails.txt file. We were desperately looking for this file. Let’s open it up.
We have different users and their emails here. But wait do you really know what we have to do with these email? Let’s take a look back if you didn’t noticed it.
We have to find the individual who uses this website for shady business and we are required to send him an email.
Let’s fire the burp suite up. Intercept the email request. Send it to intruder. Add all the emails in the payload.
Select the position. For email we need the name1 position.
Add all the emails in the payloads.
Start the attack and wait.
Here we go!
We have successfully found the KEY and the individual who is using this website for the shady business is.
That’s all. We have completed another web challenge successfully.
Thanks for reading.