Initial Reconnaissance

We begin by running an Nmap scan on the target IP to identify open ports:

image.png

Two open ports are discovered:


Exploring the Web Server

We first explore the HTTP service running on port 80. To access it properly, we need to map the IP to a hostname. We add the following line to our /etc/hosts file:

image.png

Now visiting http://titanic.htb in the browser shows a basic Titanic-themed site:

image.png

Clicking on "Book Ticket" brings up a form that, upon submission, downloads a ticket in .json format.


Investigating the Ticket Download

We intercept the request using Burp Suite Repeater:

image.png

image.png

It appears the server is fetching a file and returning it in JSON. Let's test for Local File Inclusion (LFI) by modifying the filename to a common Linux file:

image.png
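For the defensive side of this finding, the following added example (not code from the target application or from this write-up) contrasts a download handler that joins the request's filename onto a ticket directory unchecked with one that resolves the path and refuses anything outside that directory. The directory layout, the file names and the function names are all assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_unsafe(ticket_dir, name):
    """Weak pattern: the request value is joined onto the directory unchecked."""
    return os.path.join(ticket_dir, name)


def resolve_safe(ticket_dir, name):
    """Return the ticket path only if it stays inside ticket_dir, else raise."""
    base = Path(ticket_dir).resolve()
    candidate = (base / name).resolve()   # collapses ../ and follows symlinks
    try:
        candidate.relative_to(base)       # raises ValueError when outside base
    except ValueError:
        raise PermissionError(f"rejected ticket name: {name!r}")
    if candidate.suffix != ".json" or not candidate.is_file():
        raise FileNotFoundError(f"no such ticket: {name!r}")
    return candidate


def escapes(ticket_dir, path):
    """True when a resolved path lies outside ticket_dir."""
    base = os.path.realpath(ticket_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def demo():
    """Run constructed request values through both resolvers."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        tickets = os.path.join(root, "tickets")
        os.mkdir(tickets)
        Path(tickets, "a1b2.json").write_text('{"name": "constructed"}')
        Path(root, "outside.txt").write_text("not a ticket")
        for name in ["a1b2.json", "../outside.txt", os.path.join(root, "outside.txt")]:
            unsafe_escapes = escapes(tickets, resolve_unsafe(tickets, name))
            try:
                resolve_safe(tickets, name)
                safe = "served"
            except (PermissionError, FileNotFoundError) as exc:
                safe = type(exc).__name__
            key = "absolute" if os.path.isabs(name) else name
            results[key] = (unsafe_escapes, safe)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Each result pairs whether the unchecked join left the ticket directory with what the checked resolver did; the absolute-path case shows that `os.path.join` discards the base directory entirely when the second argument is absolute.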