Appointment Machine Checklist
1️⃣ Lab Setup & Scope
- HTB OpenVPN Connected
- Target machine spawned/running
- Target IP identified: 10.129.101.97
- PING check successful
- Legal HTB Lab session verified
2️⃣ Network Discovery
- Target IP confirmed: 10.129.101.97
- Local HTB IP identified
3️⃣ Port Scanning
- All 65535 ports scanned (Found Port 80 via Rustscan)
- Service versions and default scripts detected
4️⃣ Service Enumeration
HTTP (Port 80)
- Web portal identified (Login page)
- Service version checked (Apache 2.4.38)
- Tested for common credentials
5️⃣ Vulnerability Identification
- Path identified (SQL Injection on Username field)
6️⃣ Initial Access (Foothold)
- Login bypassed using '#
- Verified admin access
7️⃣ Post-Exploitation Enumeration
- Flag retrieval from dashboard
8️⃣ Privilege Escalation
- Not Required (Direct access to admin dashboard)
9️⃣ Flags / Proof of Compromise
- Flag found & submitted: e3d0796d...
- Evidence captured (Screenshots organized)
🔟 Cleanup & Documentation
- Notes completed in Obsidian
- Screenshots organized in evidence/
🏁 Machine Completion Status
- Pwned ✅
- Flags Submitted to HTB ✅
➡️ Machine SOLVED 🏆