Attacker (Kali): 10.10.14.145
Target: 10.10.11.97
0) Workspace & Tooling
Clean host mapping so tools can use the vhost
echo "10.10.11.97 gavel.htb" | sudo tee -a /etc/hosts
Tools used (deb)
sudo apt update
sudo apt install -y nmap ffuf git netcat-traditional john jq curl \
python3-pip
Python libs
pip install git-dumper requests bs4
1) Recon → Attack Surface
1.1 Port sweep & service enumeration
nmap -p- -sC -sV -oN nmap_full.txt 10.10.11.97
Expect:
22/tcp SSH (OpenSSH)
80/tcp HTTP (PHP app)
1.2 Web content discovery
ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt \
-u http://gavel.htb/FUZZ -e .php -o ffuf_gavel.json -of json
Highlights:
/admin.php - admin dashboard (auth)
/inventory.php - inventory (user view)
/.git/ - exposed VCS repo
🔐 PREMIUM WRITEUP - MEMBERSHIP REQUIRED
This machine is still active in HTB, so the full walkthrough, exploitation path, and flags cannot be publicly released.
But you can access the entire premium writeup right now.
🌟 Get Instant Access
Unlock the complete step-by-step solution, techniques used, notes, and exclusive insights by becoming a member.
Why Go Premium?
Early access to full detailed writeups
Passwords for active CTF solutions
Advanced exploitation techniques
Priority help & faster support
Upgrade once - unlock everything instantly.
💬 Need help while solving?
I’ve got your back - reach out anytime:
Email: [email protected]
Keep hacking, keep learning, keep winning. 🎯
