
HackTheBox: Silentium

Arbaaz Jamadar

Initial Enumeration:

Port Scan:

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.15 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 0c:4b:d2:76:ab:10:06:92:05:dc:f7:55:94:7f:18:df (ECDSA)
|_  256 2d:6d:4a:4c:ee:2e:11:b6:c8:90:e6:83:e9:df:38:b0 (ED25519)
80/tcp open  http    nginx 1.24.0 (Ubuntu)
|_http-title: Silentium | Institutional Capital & Lending Solutions
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|router
Running: Linux 4.X|5.X, MikroTik RouterOS 7.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/o:mikrotik:routeros:7 cpe:/o:linux:linux_kernel:5.6.3
OS details: Linux 4.15 - 5.19, MikroTik RouterOS 7.2 - 7.5 (Linux 5.6.3)
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Subdomain enumeration:

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u http://silentium.htb/ -H 'Host: FUZZ.silentium.htb' -fw 6

staging.silentium.htb


The scan finds a staging subdomain, which hosts a low-code LLM agent deployment web application.
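On the defending side, the Host-header fuzzing shown above leaves a recognisable trail in web server logs: one client asks for many subdomains and nearly all of them get an identical response. The sketch below is an added example, not part of the original writeup; it assumes a custom nginx log_format that records $host, and the log lines and the function name detect_vhost_fuzzing are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed nginx log_format (not from the writeup):
#   '$remote_addr $host "$request" $status $body_bytes_sent'
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\d{3}) (\d+)$')

def detect_vhost_fuzzing(lines, base_domain, min_hosts=5):
    """Flag clients that requested at least min_hosts distinct subdomains of
    base_domain, and list the hosts whose response differed from the
    client's most common (status, size) pair, i.e. the vhosts that stood out."""
    per_client = defaultdict(dict)  # ip -> {host: (status, size)}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ip, host, _request, status, size = m.groups()
        host = host.lower()
        if host.endswith("." + base_domain):
            per_client[ip][host] = (status, size)

    findings = {}
    for ip, hosts in per_client.items():
        if len(hosts) < min_hosts:
            continue  # ordinary browsing touches only a few vhosts
        baseline, _count = Counter(hosts.values()).most_common(1)[0]
        off = sorted(h for h, sig in hosts.items() if sig != baseline)
        findings[ip] = {"hosts_tried": len(hosts), "off_baseline": off}
    return findings

# Constructed sample log lines (addresses, statuses and sizes are made up).
SAMPLE_LOG = """\
10.10.14.7 www.silentium.htb "GET / HTTP/1.1" 301 178
10.10.14.7 mail.silentium.htb "GET / HTTP/1.1" 301 178
10.10.14.7 ftp.silentium.htb "GET / HTTP/1.1" 301 178
10.10.14.7 dev.silentium.htb "GET / HTTP/1.1" 301 178
10.10.14.7 admin.silentium.htb "GET / HTTP/1.1" 301 178
10.10.14.7 staging.silentium.htb "GET / HTTP/1.1" 200 3142
10.10.14.22 silentium.htb "GET / HTTP/1.1" 200 9120
10.10.14.22 staging.silentium.htb "GET / HTTP/1.1" 200 3142
10.10.14.22 staging.silentium.htb "GET /api/v1/version HTTP/1.1" 200 20
""".splitlines()

if __name__ == "__main__":
    for ip, info in detect_vhost_fuzzing(SAMPLE_LOG, "silentium.htb").items():
        print(ip, info)
```

The hosts listed under off_baseline are the ones a scanner's response filter would have surfaced, which makes them the first vhosts to review for unintended exposure.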


Use the FlowiseAI API endpoint to verify the version of FlowiseAI:

curl http://staging.silentium.htb/api/v1/version


Feel free to reach out on LinkedIn or any of my socials in case you need help with the challenge. The full writeup will be released after the box is retired.
