cat ~fish/config The file contains a password for the root user. We can now switch to the root user and gain full access to the system:
Next, we visit the HTTP service running on port 80: hack fish.io
http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges. cat ~fish/config The file contains a password for
You're interested in writing about Hack The Box's Fish.io, I presume? upon inspecting the page source
http://10.10.10.15 The webpage appears to be a simple website with a " Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment: