Livrarea Comenzilor
Comenzile primite in ziua respectivă se livrează a doua zi calendaristică.
Comenzile sunt livrate prin firma de curierat GLS Curier, livrarea făcându-se la adresa indicată de client, in ziua urmatoare lucratoare, dupa preluarea coletului, pe intreg teritoriul Romaniei intre orele 08:00 si 17:00, de Luni pana Vineri.
Transportul este gratuit in Romania la comenzi peste 100 lei.
Transportul international este suportat de client. Acesta isi poate alege mijlocul de transport care este cel mai convenabil.
http://10.10.10.15 The webpage appears to be a simple website with a " Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment:
cat ~fish/config The file contains a password for the root user. We can now switch to the root user and gain full access to the system:
<!-- TODO: move to prod env --> This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces: hack fish.io
sudo -u fish /bin/bash Switching to the fish user, we find that the user's home directory contains a config file with sensitive information:
After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password: http://10
http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges.
su root
Next, we visit the HTTP service running on port 80:
You're interested in writing about Hack The Box's Fish.io, I presume? We can try to access the /admin directory,
To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services:
sudo -l We can leverage this configuration to gain root access:
http://10.10.10.15 The webpage appears to be a simple website with a " Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment:
cat ~fish/config The file contains a password for the root user. We can now switch to the root user and gain full access to the system:
<!-- TODO: move to prod env --> This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces:
sudo -u fish /bin/bash Switching to the fish user, we find that the user's home directory contains a config file with sensitive information:
After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password:
http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges.
su root
Next, we visit the HTTP service running on port 80:
You're interested in writing about Hack The Box's Fish.io, I presume?
To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services:
sudo -l We can leverage this configuration to gain root access:
