GiveBack
HackTheBox GiveBack machine writeup — reconnaissance and enumeration walkthrough.
0 — Preparation on Attacker
Environment Setup
Add a convenient hosts entry (optional):
echo "10.10.11.94 giveback.htb" | sudo tee -a /etc/hosts
Why this matters: While you can work directly with the IP address, using the hostname makes commands more readable and matches the certificate/virtual host configuration that WordPress may require.
Open multiple terminal panes and keep listeners ready. Replace ATTACKER_IP below with your machine IP (e.g. 10.10.14.81).
Pro tip: Use tmux or screen to manage multiple shells simultaneously. You’ll need at least three terminal windows: one for listeners, one for executing exploits, and one for notes/monitoring.
1 — Recon (Quick Commands)
Network Service Discovery
Nmap to discover services (example):
mkdir -p nmap && nmap -sV -A 10.10.11.94 -oA nmap/giveback
What to look for:
- Port 80/443 (HTTP/HTTPS) running WordPress
- Any unusual high-numbered ports that might indicate internal services
- Version numbers of web servers (Apache, nginx) that might have known vulnerabilities
- Response timing that suggests firewalls or IDS/IPS systems
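The checklist above, applied to the XML file that `-oA` writes (`nmap/giveback.xml`), as an added example that is not part of the original writeup. The sample XML is constructed, and the `triage` function name and the 1024 "high port" threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's XML output (not real scan data).
SAMPLE_XML = """<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="nginx" version="1.18.0"/></port>
    <port protocol="tcp" portid="443"><state state="filtered"/>
      <service name="https"/></port>
    <port protocol="tcp" portid="30686"><state state="open"/>
      <service name="http" product="Golang net/http server"/></port>
  </ports>
</host></nmaprun>"""

WEB_PORTS = {80, 443}
HIGH_PORT_FLOOR = 1024  # assumption: anything above the well-known range counts as "unusual"


def triage(xml_text):
    """Return one dict per open port, tagged with the checklist items it matches."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports are not reachable services
            num = int(port.get("portid"))
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            notes = []
            if num in WEB_PORTS:
                notes.append("web")
            if num > HIGH_PORT_FLOOR:
                notes.append("high-port")
            if version:
                notes.append("version-disclosed")
            findings.append({"host": addr, "port": num,
                             "banner": f"{product} {version}".strip(), "notes": notes})
    return findings
```

Ports tagged `version-disclosed` are the ones to compare against vendor advisories; suppressing the version banner on those services removes that signal from future scans.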