Hey guys!! Here we will see how to break in and get the user and system flags on Previse from HTB. Let’s jump in :)

This box’s methodology is simple: we have a hidden directory from which we will pave our path inside, and then we will escalate privileges.

Now let’s see the above process in the practical.

The first step is to enumerate the target. After running the nmap scans, we find that the target is a web application with services running on ports 80 and 22, as evident from the snap of the nmap results below.

Knife from HTB

Set up your VPN & let’s dive in ;)

Now let’s run a quick nmap scan for the target machine.

I prefer to run 2 different scans simultaneously, which are:

nmap -sC -sV -T4 -p- <IP>

nmap -vv --script vuln -p- <IP>

I won’t go deep to explain, but the first command performs the enumeration, i.e. tells what services are running on the target and which ports are active, while the second one scans for exploitable vulnerabilities from CVEs and famous or old exploits like MS17-010 (EternalBlue), etc.

So after running these commands I got two outputs…

Hello!! I am Rupesh Kumar. This blog is going to be about why I started studying PTS, what I thought was most helpful, and what I plan to do with the knowledge and skills I’ve gained. Basically it is for the #PTSchallenge by Josh Mason Sir and Cyber Supply Drop, but it can also serve as a guide for new beginners or for those who are planning to take this awesome course.

Feel free to skip the first question if you aren’t a beginner.

So starting with the first question: why I started studying PTS?

The answer…

Rupesh Kumar
