Gavel
HackTheBox Gavel machine writeup — reconnaissance and enumeration walkthrough.
1) Recon → Attack Surface
1.1 Port sweep & service enumeration
nmap -p- -sC -sV -oN nmap_full.txt 10.10.11.97
Expect:
- 22/tcp SSH (OpenSSH)
- 80/tcp HTTP (PHP app)
1.2 Web content discovery
ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt \
-u http://gavel.htb/FUZZ -e .php -o ffuf_gavel.json -of json
Highlights:
- /admin.php - admin dashboard (auth)
- /inventory.php - inventory (user view)
- /.git/ - exposed VCS repo
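Seen from the server side, the wordlist sweep in 1.2 and the /.git/ hit both leave traces in the web access log. The following is an added example, not part of the original writeup: it flags clients that generate many distinct 404 paths and any non-error response served under /.git. The log lines, IP addresses, status codes, the /.git/HEAD path and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def sample_log():
    """Constructed access log; IPs are documentation ranges, statuses assumed."""
    fmt = '{} - - [10/Jan/2025:12:00:00 +0000] "GET {} HTTP/1.1" {} 512 "-" "-"'
    rows = []
    # A wordlist sweep with -e .php requests each word with and without .php.
    for word in ("backup", "config", "test", "old", "dev", "api"):
        for path in ("/" + word, "/" + word + ".php"):
            rows.append(fmt.format("203.0.113.50", path, 404))
    # The paths listed in the highlights, plus one file inside /.git/.
    for path, status in (("/admin.php", 302), ("/inventory.php", 200),
                         ("/.git/HEAD", 200)):
        rows.append(fmt.format("203.0.113.50", path, status))
    # An ordinary visitor with a single miss.
    rows.append(fmt.format("198.51.100.7", "/inventory.php", 200))
    rows.append(fmt.format("198.51.100.7", "/favicon.ico", 404))
    return rows

def analyse(lines, miss_threshold=10):
    """Return (sweepers, vcs_hits).

    sweepers: {ip: distinct 404 paths} for clients at or above the threshold.
    vcs_hits: [(ip, path)] for non-error responses under /.git.
    """
    misses = defaultdict(set)
    vcs_hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        norm = path.split("?", 1)[0].lower()  # drop query string, fold case
        if status == 404:
            misses[ip].add(norm)
        if (norm == "/.git" or norm.startswith("/.git/")) and status < 400:
            vcs_hits.append((ip, path))
    sweepers = {ip: len(p) for ip, p in misses.items() if len(p) >= miss_threshold}
    return sweepers, vcs_hits

if __name__ == "__main__":
    sweepers, vcs_hits = analyse(sample_log())
    print("content-discovery sources:", sweepers)
    print("served requests under /.git:", vcs_hits)
```

Any entry in the second list means the web server is serving repository files and should deny access to /.git at the server level.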
This post is licensed under CC BY 4.0 by the author.