So, the other day, I decided to give this “Paul Goydos” thing a shot. I mean, I’d heard about it here and there, but never really looked into it. Turns out, it’s part of this Hack the Box platform, which is like, a playground for people who are into cybersecurity stuff.
First, I had to get on the site, you know, the thing. Then I had to go to a page called “starting point” and connect to a 加速器. I chose a 加速器 server and downloaded the configuration file. Then I moved the file to a new folder I created on my desktop. After that, I used the command line to connect to the 加速器 and I was in.
Getting Started
Once I was connected, I tried to find some clues to see what I was supposed to do next, and I stumbled upon this forum where people were talking about similar challenges. Someone mentioned that this challenge is not about what you see on the surface. This made me think that I needed to dig deeper. I remembered reading about a tool called “gobuster,” so I used it to find a hidden page called “admin.”
The Real Deal
- I went to the admin page and found a login form.
- I tried some common usernames and passwords, but no luck.
- Then I remembered another post talking about SQL injection, so I gave that a try.
- Bingo! I used a simple SQL injection payload, and it worked! I was logged in.
Finding the Treasure
Now that I was in, the real fun began. I looked around and found a page where I could upload files. This seemed like a good opportunity to get a reverse shell. I found a PHP reverse shell script online, customized it with my IP address, and uploaded it. Then I started a listener on my computer to catch the incoming connection. I triggered the file I uploaded, and boom! I got a shell, which meant I had control over the server.
The final step was to find the flag. I navigated through the file system and eventually found it in a text file. I opened the file, and there it was – the flag! Mission accomplished!
Man, that was a fun little adventure. It’s crazy how you can start with nothing and end up with full control of a system. And it all started with just poking around and trying different things. Makes you wonder what else is out there waiting to be discovered.
