🐊 Crocodile - Overview

📝 Machine Information

  • Name: Crocodile
  • Platform: Hack The Box (Starting Point - Tier 1)
  • Difficulty: Very Easy
  • IP Address: 10.129.104.153

🎯 Objective

Retrieve sensitive user lists from an insecure FTP server and use them to gain access to a hidden administrator dashboard on the web server.

🚀 Walkthrough Summary

  1. Reconnaissance: Identified Port 21 (FTP) and Port 80 (HTTP) as open.
  2. Enumeration (FTP): Accessed the FTP server via anonymous login and exfiltrated allowed.userlist and allowed.userlist.passwd.
  3. Enumeration (Web): Performed directory brute-forcing on the web server and discovered a hidden login.php page and a dashboard/ directory.
  4. Initial Access: Logged into the login.php portal using credentials found in the exfiltrated lists.
  5. Exfiltration: Accessed the dashboard and retrieved the flag.
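As an added example (not part of this writeup), the detection side of steps 2 and 3: flag file pulls over anonymous FTP in vsftpd-style logs, flag 404 bursts in Apache access logs, and correlate the source IPs. The log lines, client IPs, regexes and the 404 threshold are constructed assumptions, not tuned values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed vsftpd-style lines: one anonymous session pulling the two user lists, one authenticated session.
FTP_LOG = """\
Mon Mar  4 10:01:05 2024 [pid 1200] [ftp] OK LOGIN: Client "10.10.14.5", anon password "ftp@"
Mon Mar  4 10:01:09 2024 [pid 1202] [ftp] OK DOWNLOAD: Client "10.10.14.5", "/allowed.userlist", 33 bytes, 12.00Kbyte/sec
Mon Mar  4 10:01:11 2024 [pid 1202] [ftp] OK DOWNLOAD: Client "10.10.14.5", "/allowed.userlist.passwd", 62 bytes, 20.00Kbyte/sec
Mon Mar  4 10:02:30 2024 [pid 1300] [ftp] OK LOGIN: Client "10.0.0.7"
Mon Mar  4 10:02:40 2024 [pid 1301] [ftp] OK DOWNLOAD: Client "10.0.0.7", "/report.pdf", 9000 bytes, 50.00Kbyte/sec
"""

# Constructed Apache access-log lines: a scanner producing 25 misses in 25 s before hitting login.php,
# plus one ordinary visitor with a single 404.
WEB_LOG = "\n".join(
    [f'10.10.14.5 - - [04/Mar/2024:10:05:{i:02d} +0000] "GET /{w} HTTP/1.1" 404 196 "-" "gobuster/3.6"'
     for i, w in enumerate(["admin", "backup", "config", "test", "uploads"] * 5)]
    + ['10.10.14.5 - - [04/Mar/2024:10:05:30 +0000] "GET /login.php HTTP/1.1" 200 1024 "-" "gobuster/3.6"',
       '10.0.0.9 - - [04/Mar/2024:10:06:00 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"']
)

ANON_LOGIN_RE = re.compile(r'OK LOGIN: Client "([^"]+)", anon password')
DOWNLOAD_RE = re.compile(r'OK DOWNLOAD: Client "([^"]+)", "([^"]+)"')
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def anonymous_ftp_downloads(log):
    """Files fetched by clients whose login vsftpd recorded as anonymous."""
    anon_ips = {m.group(1) for m in ANON_LOGIN_RE.finditer(log)}
    return [(ip, path) for ip, path in DOWNLOAD_RE.findall(log) if ip in anon_ips]

def directory_bruteforce_sources(log, threshold=20, window_s=60):
    """Client IPs with >= threshold 404s inside any window_s-second span (directory brute-force signature)."""
    misses = defaultdict(list)
    for line in log.splitlines():
        m = WEB_RE.match(line)
        if m and m.group(5) == "404":
            misses[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    flagged = set()
    for ip, times in misses.items():
        times.sort()
        if any((times[i + threshold - 1] - times[i]).total_seconds() <= window_s
               for i in range(len(times) - threshold + 1)):
            flagged.add(ip)
    return flagged

def correlate(ftp_log, web_log):
    """Sources seen doing both: the anonymous-FTP-then-directory-brute-force chain this box demonstrates."""
    return {ip for ip, _ in anonymous_ftp_downloads(ftp_log)} & directory_bruteforce_sources(web_log)
```

Blocking anonymous FTP (`anonymous_enable=NO` in vsftpd) removes the first link of the chain entirely; the correlation above is for catching the pattern where anonymous access is still in place.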
🖼️ Proof of Compromise
