HackTheBox Responder Writeup
In this Writeup we Learn how to hack into Responder
pwned link to verify :- https://labs.hackthebox.com/achievement/machine/2028448/461
NMAP SCAN
# Nmap 7.95 scan initiated Sat Jul 5 22:55:31 2025 as: /usr/lib/nmap/nmap -vvv -sVC -p- --min-rate 1000 -oN responder_scan.txt 10.129.231.241
Nmap scan report for 10.129.231.241
Host is up, received echo-reply ttl 127 (0.14s latency).
Scanned at 2025-07-05 22:55:31 IST for 198s
Not shown: 65532 filtered tcp ports (no-response)
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 127 Apache httpd 2.4.52 ((Win64) OpenSSL/1.1.1m PHP/8.1.1)
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-server-header: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/8.1.1
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
7680/tcp open pando-pub? syn-ack ttl 127
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jul 5 22:58:49 2025 -- 1 IP address (1 host up) scanned in 198.59 seconds
We see that Port 80 , 5985, 7680 are Open , we also see that the OS Running is Windows OS
as we visit ip address 10.129.231.241 on web browser we see that the page is being redirected to
then we add the entry of our ip in our /etc/hosts file and save it using the commands
Checking the site out, we see nothing of particular interest. Although, we notice a language selection option on the navbar EN and changing the option to FR takes us to a French version of the website.
Noticing the URL, we can see that the french.html page is being loaded by the page parameter, which may potentially be vulnerable to a Local File Inclusion (LFI) vulnerability if the page input is not sanitized.
Last updated