HTB - Perfection
Apr 1, 2025
A writeup for the machine Perfection on Hack The Box
https://app.hackthebox.com/machines/Perfection
Footprinting
First, we start with an nmap scan.
nmap -sS MACHINE_IP
We find two open ports, one of which is a publicly accessible web server.
The web server runs a simple website with a home page and a weight calculator form.
We can try to fuzz the website to find hidden directories.
gobuster dir -u http://MACHINE_IP -w /usr/share/wordlists/dirb/common.txt
No hidden directories found.
If we open a 404 page, we can see that the server is running Sinatra, a Ruby web framework.
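From the defender's side, the default 404 page is what gave the framework away here. The following is an added example, not code from the machine or from this writeup's target: a Rack-style middleware in plain Ruby that swaps any 404 body for a generic page and drops stack-revealing headers. The class name, the header list and the demo app are assumptions made for illustration.

```ruby
# Added example. A Rack app is any object that responds to call(env) and
# returns [status, headers, body]; no gems are needed to show the idea.
class GenericNotFound
  GENERIC_BODY = "<h1>Not Found</h1>\n".freeze
  # Headers assumed for this example to reveal the stack; adjust per deployment.
  LEAKY_HEADERS = %w[server x-powered-by x-cascade].freeze
  BODY_HEADERS  = %w[content-type content-length].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Strip fingerprinting headers from every response, not only errors.
    headers = headers.reject { |name, _| LEAKY_HEADERS.include?(name.to_s.downcase) }
    return [status, headers, body] unless status.to_i == 404

    body.close if body.respond_to?(:close) # release the framework's own body
    # Replace the framework-branded page with a neutral one.
    headers = headers.reject { |name, _| BODY_HEADERS.include?(name.to_s.downcase) }
    headers["content-type"] = "text/html; charset=utf-8"
    headers["content-length"] = GENERIC_BODY.bytesize.to_s
    [404, headers, [GENERIC_BODY]]
  end
end

# Constructed stand-in for the application: unknown paths get a
# framework-branded 404 like the one observed in the writeup.
DEMO_APP = lambda do |env|
  if env["PATH_INFO"] == "/"
    [200, { "Content-Type" => "text/html", "Server" => "DemoServer/1.0" }, ["home"]]
  else
    [404, { "Content-Type" => "text/html", "X-Cascade" => "pass" },
     ["<h2>Sinatra doesn't know this ditty.</h2>"]]
  end
end

# Helper for the demo: run one request through the middleware.
def fetch(path)
  status, headers, body = GenericNotFound.new(DEMO_APP).call({ "PATH_INFO" => path })
  [status, headers, body.join]
end
```

In a real Sinatra application the same effect on the body is usually achieved with a custom `not_found` handler; the middleware form also covers headers set below the framework.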