General Ch... @general-chotsoh 3 months ago how can i be verified in the telegram channel
xone @xone 3 months ago @general-chotsoh https://t.me/+Tv8j6ewNAjX1WMxY
xone
3 months ago
xone
#hackthebox
Sorcery HTB Writeup | HacktheBox | Season 8
Objective
Document the penetration test on sorcery.htb, focusing on network scanning, repository access, password manipulation, and reverse shell establishment.
Steps Executed
1. Network Scan
Scanned $IP with Nmap:
nmap -sC -sV $IP
Findings: Identified HTTP and Git services. through dirb
2. Hosts Configuration
Added domains to /etc/hosts:
echo "IP environmental.htb sorcery.htb git.sorcery.htb" | sudo tee -a /etc/hosts
3. Git Repository Clone
Cloned repository with SSL verification disabled:
export GIT_SSL_NO_VERIFY=true git clone https://git.sorcery.htb/nicole_sullivan/infrastructure.git
4. Git Inspection
Inspected Git objects:
git cat-file -p acb753d git show b94fe501dfe6470cf77a639d54c0d2178588ad71
Findings: Retrieved sensitive configurations.
5. Password Hash
Generated Argon2id hash for P@ssw0rd123:
echo -n "P@ssw0rd123" | argon2 somesalt -id -t 2 -m 15 -p 1
Output: $argon2id$v=19$m=32768,t=2,p=1$c29tZXNhbHQ$TwnvITHeonF5W7P/GQH0sLr+yntWG4LeIZkd7sNFxwE
Access is restricted by HackTheBox rules#
The solution to the problem can be published in the public domain after her retirement.
Look for a non-public solution to the problem in the telegram channel .
