Armaxis

(Very Easy Web Challenge)


OVERVIEW

So let’s open the instances and check out the web pages and the downloaded files.

Let’s look at the website on port 55423 first:

It has Register, Login and Forgot Password functionality, so now let’s check out the second port, 39739.

Here we can see an email address, test@email.htb, so let’s use it to register on the first web page. Since we have this mailbox, we will receive any email sent to this user.

It registered successfully. Now let’s try changing its password through the Forgot Password functionality and see whether the code arrives in the mailbox.

But before that, let’s check the downloaded files to find something useful.

In database.js we find an admin email, admin@armaxis.htb, so now let’s try to register or log in with it.

It shows the email is already registered. Hmm, let’s move on and come back to this later.

Now let’s use Forgot Password for the test@email.htb account.

Let’s request the code and see whether we receive it.

And yeah!! We got the token for resetting the password of the test@email.htb user.

But wait a minute.

We should try using this token to reset the admin account’s password. It might work, so…

So now enter the test user’s code/token and try resetting the admin password.

BOOM!! It worked and the password got reset. Now let’s log in with the new password we just set.
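
The reset worked because the token was accepted for an email other than the one it was issued to. As an added example (not the challenge's source code), the following JavaScript contrasts a reset handler that accepts any valid token with one that binds the token to its owner; the function names and in-memory tables are assumptions for illustration.

```javascript
// Added illustration; function names and the in-memory tables are hypothetical.
const { randomBytes } = require('node:crypto');

// Constructed stand-ins for the users and reset-token tables.
const users = new Map([
  ['admin@armaxis.htb', { password: 'old-admin-pw' }],
  ['test@email.htb', { password: 'old-test-pw' }],
]);
const tokens = new Map(); // token -> { email, expires, used }

function issueToken(email) {
  const token = randomBytes(16).toString('hex');
  tokens.set(token, { email, expires: Date.now() + 15 * 60 * 1000, used: false });
  return token; // the real flow would mail this to `email`
}

// Shared validity check: token exists, is unused and has not expired.
function liveToken(token) {
  const rec = tokens.get(token);
  return rec && !rec.used && rec.expires > Date.now() ? rec : null;
}

// Flawed pattern: any live token resets whichever email the request names.
function resetVulnerable(email, token, newPassword) {
  const rec = liveToken(token);
  const user = users.get(email);
  if (!rec || !user) return false;
  user.password = newPassword;
  rec.used = true;
  return true;
}

// Hardened: the token must have been issued to the account being reset.
function resetHardened(email, token, newPassword) {
  const rec = liveToken(token);
  if (!rec || rec.email !== email) return false; // bind token to its owner
  const user = users.get(rec.email);
  if (!user) return false;
  user.password = newPassword;
  rec.used = true; // single use
  return true;
}
```
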

And here we are in the /weapons directory. Now let’s check out the Dispatch Weapons function.

Hmm, there is the word Markdown here in the Note section, which reminds me of markdown.js in the downloaded files, so let’s check it out.

Let’s send this portion of the code to ChatGPT and see what it says:

Ooh, we learn that it is a command injection vulnerability that leads to RCE (Remote Code Execution).

Let’s try to get /etc/passwd from the Dispatch Weapon tab above.

"![url](file:///etc/passwd)"

Now let’s dispatch the weapon and check the Home tab.

Here, as you can see, we got an embedded image. Now let’s download this image from the source code of the page.

Now let’s see the contents of the file we got:

Here we go, we got the content of /etc/passwd. Now let’s create the same kind of payload to get the flag.

"![url](file:///flag.txt)"

Now let’s dispatch it the same way and check the Home tab:

Again we got the embedded image, so let’s download it from the source code of the page as well.

After downloading, let’s see the file contents.

Here we go!!
We got the flag for this challenge.

WE FINALLY DID IT !!!! CHALLENGE SOLVED !!

For any query or problem, either leave a comment or contact us at reapsec.com

THANKS FOR READING !!!
