HTB-sea-walkthrough
10 min read · Feb 5, 2025
HTB sea was a real challenge for me, but I learned a lot along the way.
This machine is all about web enumeration: deceptively simple yet quite intricate at the same time.
Gaining root wasn’t straightforward either. Make sure you know how to use Burp Suite before tackling this one.
Try to use as few hints as possible, and enjoy the writeup!
Initial Enumeration
┌──(kali㉿kali)-[~/Documents/HTB/sea]
└─$ sudo nmap -p- -Pn -n --open -vvv -oG openPorts 10.129.156.122
[sudo] password for kali:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-04 11:24 CST
Initiating SYN Stealth Scan at 11:24
Scanning 10.129.156.122 [65535 ports]
Discovered open port 80/tcp on 10.129.156.122
Discovered open port 22/tcp on 10.129.156.122
Completed SYN Stealth Scan at 11:25, 19.67s elapsed (65535 total ports)
Nmap scan report for 10.129.156.122
Host is up, received user-set (0.071s latency).
Scanned at 2025-02-04 11:24:44 CST for 20s
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 63
80/tcp open http syn-ack ttl 63
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 19.78 seconds
Raw packets sent: 65552 (2.884MB) | Rcvd: 65535 (2.621MB)
┌──(kali㉿kali)-[~/Documents/HTB/sea]
└─$ sudo nmap -p 22,80 -sCV…