all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Stocker — Hack The Box

Add to bookmarks
Jan. 26, 2023, 12:45 p.m. | Rahul Kumar

System Weakness - Medium systemweakness.com

Stocker — Hack The Box

In this writeup, we will solve a box on hackthebox called Stocker.

https://medium.com/media/172fa75207969271d31e4587e6258f20/href

Nmap Scan

nmap -sC -sV -Ao nmap/stocker 10.10.11.196

From the Nmap scan, we get the HTTP URL for the web page.

echo "10.10.11.196 stocker.htb" >> /etc/hosts

Web enumeration

There is nothing much on the home page.

Subdomain enumeration

gobuster vhost -u http://stocker.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

Add the subdomain in the /etc/hosts file

if we intercept the login request.

This web page is vulnerable …

box hack hacking hack the box hackthebox-walkthrough hackthebox-writeup information security node.js

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 1 day, 3 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 1 day, 3 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 1 day, 3 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 1 day, 23 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 1 day, 23 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 2 days, 22 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 2 days, 22 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 2 days, 22 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 2 days, 22 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

QA Customer Response Engineer

@ ORBCOMM | Sterling, VA Office, Sterling, VA, US
View on infosec-jobs.com

Enterprise Security Architect

@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site
View on infosec-jobs.com

DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)

@ Sierra Nevada Corporation | Dayton, OH - OH OD1
View on infosec-jobs.com

Senior Development Security Analyst (REMOTE)

@ Oracle | United States
View on infosec-jobs.com

Software Engineer - Network Security

@ Cloudflare, Inc. | Remote
View on infosec-jobs.com

Software Engineer, Cryptography Services

@ Robinhood | Toronto, ON
View on infosec-jobs.com
View more jobs