Shoppy — HackTheBox Machine Simple Writeup


Machine Link:

Access the Machine Here Shoppy

Make sure to connect to the HackTheBox VPN before you start.


1. Let’s perform an nmap scan, directory and subdomain enumeration first

Open ports

22 - ssh
80 - http

Make sure to add shoppy.htb to your hosts file using the below command

We found nothing interesting in the source code, and the page has no functionality

2. Let’s enumerate HTTP using Gobuster

gobuster dir -u http://shoppy.htb/ -w /usr/share/wordlists/dirb/big.txt

3. Bypassing login using MongoDB injection

username — admin' || ' 1=1
password — pass

4. Now let’s try to search for users like admin

5. Looks like the value of the password is a hash, so let’s try to crack it using CrackStation or Hashcat


It seems we are unable to crack the admin password’s hash, so let’s apply the same MongoDB injection to the search field

6. Injecting the same query in the search field

7. Let’s crack the josh password hash

We got the password — remembermethisway

8. Let’s try to log in to ssh

Unfortunately, it’s not the password : (

9. Okay, let’s use this password to log in to the subdomain which we found during subdomain enumeration — http://mattermost.shoppy.htb

Before that, add the host to your /etc/hosts

10. Log in with the credentials that we already found

11. We found a credential under the Deploy Machine option

12. Let’s try this credential to log in over ssh

We are In : )

13. Elevating privileges is much easier than I thought

Flag: 64694d936ba3910ee38ec83e9a77fbe5
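
Why the input from steps 3 and 6 works, and the fix, as an added example that is not code from the Shoppy application or from the original writeup. It assumes the application splices user input into a server-side JavaScript filter (MongoDB $where style), which the writeup does not confirm; the in-memory users, the findWhere stand-in and all function names are constructed for illustration, and password hashing is left out to keep the focus on query construction.

```javascript
// Constructed sample data; not taken from the target application.
const users = [
  { username: "admin", password: "stored-hash-1" },
  { username: "josh", password: "stored-hash-2" },
];

// Input from step 3 of the writeup.
const PAYLOAD = "admin' || ' 1=1";

// Stand-in for a server-side JavaScript filter (assumed, MongoDB $where style):
// the string is evaluated once per document with `this` bound to the document.
function findWhere(collection, expr) {
  const predicate = new Function(`return (${expr});`);
  return collection.filter((doc) => Boolean(predicate.call(doc)));
}

// Vulnerable pattern: input is spliced into the expression, so a quote in the
// input ends the string literal and the rest is parsed as code.
function loginVulnerable(username, password) {
  const expr = `this.username === '${username}' && this.password === '${password}'`;
  return findWhere(users, expr).length > 0;
}

function searchVulnerable(name) {
  return findWhere(users, `this.username === '${name}'`);
}

// Hardened pattern: accept only plain strings and compare them as values,
// which is what a structured filter such as { username: name } does.
function isPlainString(v) {
  return typeof v === "string";
}

function loginSafe(username, password) {
  if (!isPlainString(username) || !isPlainString(password)) return false;
  return users.some((u) => u.username === username && u.password === password);
}

function searchSafe(name) {
  if (!isPlainString(name)) return [];
  return users.filter((u) => u.username === name);
}

console.log("login, vulnerable:", loginVulnerable(PAYLOAD, "pass"));
console.log("login, hardened:  ", loginSafe(PAYLOAD, "pass"));
console.log("search, vulnerable:", searchVulnerable(PAYLOAD).map((u) => u.username));
console.log("search, hardened:  ", searchSafe(PAYLOAD).map((u) => u.username));
```

In the vulnerable login the spliced expression becomes `this.username === 'admin' || ' 1=1' && this.password === 'pass'`; `&&` binds tighter than `||`, so the password comparison no longer gates the admin record, and in the search the non-empty string literal makes every document match.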

Thank you for Reading!!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

