🛡️ Three - Overview
📝 Machine Information
- Name: Three
- Platform: Hack The Box (Starting Point - Tier 1)
- Difficulty: Very Easy
- IP Address: 10.129.227.248
🎯 Objective
Gain access to the target system and retrieve the flag by identifying and exploiting misconfigured services, specifically an exposed S3 bucket.
🚀 Walkthrough Summary
- Reconnaissance: Identified Port 22 (SSH) and Port 80 (HTTP) as open using
rustscanandnmap. - Enumeration: Discovered the domain
thetoppers.htband its subdomains3.thetoppers.htbvia vhost enumeration. - Initial Access: Exploited an insecure S3 bucket to upload a PHP webshell and gained Remote Code Execution (RCE).
- Exfiltration: Retrieved the flag from the server using the webshell.
🔗 Quick Links
- 🔍 Reconnaissance
- 📂 Enumeration
- 🔑 Initial Access
- 🚀 Privilege Escalation
- 🎌 Post-Exploitation
- 🏁 Flags & Completion
- 📝 Lessons Learned
- ✅ Checklist
🖼️ Proof of Compromise
Next Step