This box is very slow. However one has to deal with such boxes in real life, so tweak the tools where we can use them to deal with such boxes.

Let’s start with reconnaissance

Ran general nmap:

nmap -sV -sC -oA general 10.10.10.76

  • sV = for service version detection, -sC…

html encoding: HTML encoding can be used for xss protection if we keep untrusted data inside html tags such as <div> but it will not work for the untrusted data put inside <script> tags or in links such as <img src=javascript: ….> or <a href=javascript:…..>. …

Ip address: 10.10.10.79

So our mighty tool nmap, this gives 22(ssh), 80 port and 443 are open.

dirbuster gives on port 80, there is a folder dev.

Notes have this below data

To do:

1) Coffee.
2) Research.
3) Fix decoder/encoder before going live.
4) Make sure encoding/decoding is only done client-side.
5) Don't use…

Hack the Box — Retired Machine — Jarvis

Let us first run nmap, sparta.

Observe that ports 22 and 80 are open.

So let’s see the output of sparta or nikto to find any interesting directories.

dl padmavathi

I go by Padma. I am a security enthusiast. This blog contains security related and some general stuff.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store