Beri Contraster

Shoppy - HackTheBox Walkthrough



Linux / Easy

Created by lockscan

Released on 17 Sep 2022


Welcome, reader. Today we'll hack Shoppy from HackTheBox. It is an easy Linux machine. Let's start with an Nmap scan.


Nmap Scan


There are three ports open on this Debian box. Going over to port 80 redirects to shoppy.htb.



Let's quickly add it to /etc/hosts.



Refresh the site.



Nothing on the website itself is interesting. Let's do directory fuzzing with gobuster.



Login Bypass

We discovered a login panel. This website runs on Node.js, which here is backed by MongoDB, a NoSQL database, so we can try the following NoSQL injection to bypass the login page.



This one successfully bypassed the login page.
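Added example (not code from the Shoppy app or from the original post): why a Node.js login handler lets this kind of bypass through, and the input check that stops it. It assumes an Express-style JSON body parser, so request fields can arrive as objects rather than strings.

```javascript
// Vulnerable pattern: request fields are copied straight into the MongoDB
// filter. A JSON body can carry an object where a string was expected, and
// any key beginning with '$' is then interpreted as a query operator.
function buildLoginFilterUnsafe(body) {
  return { username: body.username, password: body.password };
}

// Hardened: credentials must be plain, non-empty, bounded strings. Objects,
// arrays, numbers, null and missing fields are rejected before any query.
function asCredentialString(value, field) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 128) {
    throw new TypeError(`${field}: expected a non-empty string`);
  }
  return value;
}

function buildLoginFilterSafe(body) {
  return {
    username: asCredentialString(body.username, 'username'),
    password: asCredentialString(body.password, 'password'),
  };
}

// Detection: true if a filter holds an operator key ('$...') at any depth.
// A second line of defence, and handy when reviewing logged request bodies.
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.keys(value).some(
      (k) => k.startsWith('$') || containsOperator(value[k]),
    );
  }
  return false;
}

// A handler would call this and log the outcome; it returns either the
// validated filter or { rejected: reason } so nothing unchecked reaches Mongo.
function handleLogin(body) {
  try {
    return buildLoginFilterSafe(body);
  } catch (err) {
    return { rejected: err.message };
  }
}

// Constructed sample bodies: a normal login and one carrying an object
// (with an operator key) where a string was expected.
const normalBody = { username: 'josh', password: 'correct horse' };
const operatorBody = { username: { $ne: '' }, password: { $ne: '' } };
```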



There is a user search here. The following input makes it list every user of the Shoppy app.


We can click on "Download export" to view the users.



Hash Cracking

We can use Crackstation to crack these MD5 hashes.



We successfully cracked Josh's hash. I tried logging into SSH using these credentials but no luck. Let's try subdomain fuzzing using ffuf.



Let's add this to /etc/hosts.




After logging in, I read through the channels and found the credentials of the user Jaeger.



Let's try logging into SSH with these credentials.


USER

I successfully logged into the box with these credentials.



We can execute the following binary as the user Deploy.



This is a password manager, but we don't have the master password. Let's run strings on this binary.



It only displays one word, "sample". I think it's the password.



It was indeed the password. We successfully retrieved the password of the Deploy user.



ROOT


This user is a member of the docker group, which is effectively root-equivalent on the host, so we can use it to pop a root shell. Let's see which Docker images are available.



There is an Alpine image. We can start a container from it with the host's /root directory bind-mounted at /mnt inside the container's file system.



We are now rooted in the box. Thanks for reading.


-- bericontraster.
