Runner HTB Writeup | HacktheBox | HackerHQ
Introduction
Today, I'll be diving into Runner Writeup, a Windows box on Hack The Box created by Geiseric, to hack it. Throughout this post, I'll detail my journey and share how I successfully breached Runner to retrieve the flags.
Since I'm still honing my skills, I'll occasionally reference the official Runner Walkthrough for guidance. Consider this write-up as more of a personal blog documenting my experience rather than a comprehensive step-by-step guide.
Full Writeup - https://www.hackerhq.tech/2024/04/runner-htb.html
Runner Hacking Phases
Initial Access
Nmap TCP Port Scan
- Checking for open ports using Nmap.
Web Page Enumeration
- Exploring and gathering information from web pages.
Directory Bruteforce
- Attempting to find hidden directories.
Vulnerability Assessment
- Identifying potential weaknesses and vulnerabilities.
Server-Side Template Injection Exploitation
- Exploiting server-side template injection vulnerabilities.
User Flag
- Obtaining the user flag.