Member-only story
HTB - Soccer
4 min readApr 3, 2025
A writeup for the machine Soccer on Hack The Box
https://app.hackthebox.com/machines/Soccer
Footprinting
We can start by doin a scan with nmap.
nmap -sS MACHINE_IP
We find three open ports: 22, 80, and 9091.
If we look at the website on port 80, there is only a simple home page with no other links.
By enumerating the main site using gobuster, we can find a subdomain called tiny.
gobuster dir -u soccer.htb \
-w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
User flag
Entering Tiny File Manager
After enumerating with gobuster, we found a hidden page under /tiny.
