<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CMS on Nabil Kara — CTF Writeups</title><link>https://nabilkara.github.io/tags/cms/</link><description>Recent content in CMS on Nabil Kara — CTF Writeups</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 03 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://nabilkara.github.io/tags/cms/index.xml" rel="self" type="application/rss+xml"/><item><title>Facts - Hack The Box machine</title><link>https://nabilkara.github.io/posts/htb/facts/</link><pubDate>Wed, 03 Jun 2026 00:00:00 +0000</pubDate><guid>https://nabilkara.github.io/posts/htb/facts/</guid><description>&lt;ul>
&lt;li>
&lt;p>Difficulty: Easy&lt;/p>
&lt;/li>
&lt;li>
&lt;p>OS: Linux&lt;/p>
&lt;/li>
&lt;li>
&lt;p>Author: LazyTitan333&lt;/p>
&lt;/li>
&lt;/ul>
&lt;p>&lt;img src="https://nabilkara.github.io/posts/htb/facts/solved.png" alt="">&lt;/p>
&lt;p>An initial nmap scan reveals two open ports : &lt;code>80&lt;/code> (HTTP) and &lt;code>23&lt;/code> (SSH)&lt;/p>
&lt;p>&lt;img src="https://nabilkara.github.io/posts/htb/facts/pasted-image-20260602233327.png" alt="">&lt;/p>
&lt;p>We start by exploring the web page :
&lt;img src="https://nabilkara.github.io/posts/htb/facts/pasted-image-20260602233347.png" alt="">&lt;/p>
&lt;p>If we click &lt;code>Start Exploring&lt;/code> we see a couple of facts , a search bar and a comments section. I browsed the facts and found nothing useful , except that the comments profiles are potential SSH usernames.
We opt for directory enumeration ,for instance, we can use ffuf :&lt;/p></description></item></channel></rss>