LIME.inc

Nax Try Hack Me Writeup

2022.03.17 | ~3 minutes

THM - NAX

Overview

This box made use of web enumeration and obscure steganography. There wasn’t much post-exploitation to be done, making it a pretty start-to-finish box once a foothold was found.

Notable Scans

https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/tcp_80_http_index.html
https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/tcp_80_http_nmap.txt
https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/_full_tcp_nmap.txt

Road to User

The first thing I did was to see if there was a webserver running. I checked if /nagiosxi was a subdirectory of the webserver and got a 301. I’ll start a dir enum scan and keep the dir in the back of my mind for the time being.