
HackTheBox Responder Writeup
In this writeup we learn how to hack into Responder.
Pwned link to verify: https://labs.hackthebox.com/achievement/machine/2028448/461
NMAP SCAN
# Nmap 7.95 scan initiated Sat Jul 5 22:55:31 2025 as: /usr/lib/nmap/nmap -vvv -sVC -p- --min-rate 1000 -oN responder_scan.txt 10.129.231.241
Nmap scan report for 10.129.231.241
Host is up, received echo-reply ttl 127 (0.14s latency).
Scanned at 2025-07-05 22:55:31 IST for 198s
Not shown: 65532 filtered tcp ports (no-response)
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 127 Apache httpd 2.4.52 ((Win64) OpenSSL/1.1.1m PHP/8.1.1)
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-server-header: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.1
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
7680/tcp open pando-pub? syn-ack ttl 127
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jul 5 22:58:49 2025 -- 1 IP address (1 host up) scanned in 198.59 seconds
We see that ports 80, 5985 and 7680 are open, and that the host is running Windows.
When we visit the IP address 10.129.231.241 in a web browser, the page is redirected to
http://unika.htb

Then we add an entry mapping the target's IP address to unika.htb in our /etc/hosts file and save it, using the following commands:
nano /etc/hosts
10.129.231.241 unika.htb
[CTRL + S] TO SAVE THE CHANGES IN FILE
[CTRL + X] TO EXIT

Checking the site out, we see nothing of particular interest. However, we notice a language selection option (EN) on the navbar, and changing it to FR takes us to a French version of the website.

Looking at the URL, we can see that the french.html page is loaded through the page parameter, which may be vulnerable to Local File Inclusion (LFI) if the page input is not sanitized.
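
The kind of server-side check that removes this risk, as an added example that is not code from the target site or from the original writeup: the page value is matched against a fixed allowlist and the resolved path is confirmed to stay inside one directory. The pages/ directory, english.html and the function names are assumptions made for illustration.

```php
<?php
// Added example (not the target site's code). File names and the pages/
// directory are hypothetical; only french.html appears in the writeup.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . DIRECTORY_SEPARATOR . 'pages';

// Allowlist: accepted ?page= value => file on disk (constructed sample).
const ALLOWED_PAGES = [
    'english.html' => 'english.html',
    'french.html'  => 'french.html',
];

// Unsafe pattern the writeup suspects, kept as a comment for contrast:
//   include($_GET['page']);   // request input chooses the file to include

function resolve_page(?string $requested): ?string
{
    // Reject anything that is not an exact allowlist key.
    if ($requested === null || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved path must stay inside PAGES_DIR.
    return str_starts_with($path, $base . DIRECTORY_SEPARATOR) ? $path : null;
}

function render_page(?string $requested): void
{
    $path = resolve_page($requested);
    if ($path === null) {
        http_response_code(404);
        echo 'Page not found';
        return;
    }
    // readfile() streams static HTML; unlike include, it never executes it as PHP.
    readfile($path);
}

// Handle a request only when running under a web server, not the CLI.
if (PHP_SAPI !== 'cli') {
    $page = $_GET['page'] ?? 'english.html';
    render_page(is_string($page) ? $page : null);
}
```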