HACK THE BOX 2million
Hi, I decided to start challenging myself by trying out hackthebox machines and doing as many as I can within a month.
The first box I gave a go at was 2million. It reminded me of the old version of hackthebox where you had to actually hack the box to be able to log in.
I was following ippsec’s tutorial and read some writeups that I will link down below.
The first thing that every pentester has to do is scan the target; we have to know what is up and working before we do anything else. But first we have to connect to the box in the first place, as shown below.
I found two open ports, 22 and 80; sadly I forgot to screenshot it🤦🏾♂️. Now what you are supposed to do is type in cat /etc/hosts on the terminal and add 2million.htb to it. Now it’s time to run burpsuite to listen to the requests and see what is running on the site.
I noticed that I could change the endpoints and kept on looking at the responses.
Below, trying to get an invite code with the invite endpoint
There is a clue on what to look for, that is, overlays.
Links: