Showing posts from November, 2022

Hack The Box: Luanne (NetBSD)

The nmap scan for this machine shows us information about three ports. Port 9001 is the one running the Supervisor process manager. We get a login page there, and also on port 80.

The login page at port 9001 is for Supervisor, and if we search for its default password we get user/123. When we use that, we can log in to it. We see a couple of scripts running, and when we click on them we get their output. The uptime output does not reveal anything. The memory output also does not reveal anything. The _httpd entries in the processes output are interesting:

  /usr/libexec/httpd -u -X -s -i 127.0.0.1 -I 3000 -L weather /usr/local/webapi/weather.lua -U _httpd -b /var/www

This suggests that there is a Lua script and a weather directory, but it shows nothing. If we do further directory busting, we find that there is a subdirectory called forecast. It tells us to use the city variable with the value list to get the list of all the available cities. forecast su...