{"id":278,"date":"2019-01-21T02:28:37","date_gmt":"2019-01-21T02:28:37","guid":{"rendered":"https:\/\/zineausa.com\/blog\/?p=278"},"modified":"2020-02-05T19:20:57","modified_gmt":"2020-02-05T19:20:57","slug":"hackthebox-secnotes-writeup","status":"publish","type":"post","link":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/","title":{"rendered":"Hackthebox – SecNotes Writeup"},"content":{"rendered":"\n

This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1\/19\/19! <\/p>\n\n\n\n

Summary<\/h2>\n\n\n\n

Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting.<\/p>\n\n\n\n

Enumeration<\/h2>\n\n\n\n

As always, our first step is enumeration. We use the following command in nmap to find open ports (-sV scans for versions, -sC runs some common scripts, and -Pn skips the check to make sure the host is up via Ping):<\/p>\n\n\n\n

nmap -sC -sV -Pn 10.10.10.97<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

After this has been run, I always suggest running a full nmap scan in the background, which will reveal another port 8808 open<\/p>\n\n\n\n

nmap -p- -T4 -A -v 10.10.10.97<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Sql Injection<\/h2>\n\n\n\n

We could try to use enum4linux to scan the SMB but instead we will be going straight to the website hosted at 10.10.10.97<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

We register with a random account and login to try and find some notes, but there are none.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Trying some sql injection on the login page doesn’t seem to work, so we try something called second order sql injection, which is pretty much doing injection on the registration page, hoping that something in the back-end will allow the injection later (in this case, we hope the app will show us someone else’s notes).<\/p>\n\n\n\n

In this case, we register with:<\/p>\n\n\n\n

username: hello’ or ‘1’=’1
password: password<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Logging in with this new account shows us someone else’s notes, interesting:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Reverse Shell for User Flag<\/h2>\n\n\n\n

Now remember that nmap scan we did at the very start, and we found port 445 open? Let’s use these new creds to try and access a share with smb:<\/p>\n\n\n\n

smbclient \/\/10.10.10.97\/new-site -U tyler -W secnotes.htb<\/p>\n\n\n\n

It will prompt for the password so use the password we got from the notes earlier. Typing “dir” will list the contents, and this looks awfully similar to the output we get from trying to access 10.10.10.97:8808<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Let’s go for the reverse shell. We will be using the following php file, make sure to replace the IP with the IP of your kali machine. Name this file php.php or something.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Now, upload the php file we made and nc.exe (we got our here<\/a>)<\/u> by downloading it into \/www and typing the following commands:<\/p>\n\n\n\n

lcd \/www
put php.php
put nc.exe<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

now let’s listen on port 7734<\/p>\n\n\n\n

nc -lvnp 7734<\/p>\n\n\n\n

Let’s now kick off our php file by browsing to 10.10.10.97:8808\/php.php<\/p>\n\n\n\n

This should get us a reverse shell like:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Running the command whoami shows that we are tyler, so let’s go to his folder at c:\\users\\tyler\\desktop. Read the user.txt file to get user flag:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Getting Root Flag<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n

We find a weird link to bash.. which is weird since this is a windows machine. When we try to run the link it seems to be a broken link, so let’s find the executable by typing the following commands:<\/p>\n\n\n\n

cd c:\\
dir \/s bash.exe<\/em><\/p>\n\n\n\n

We find it here so let’s run it:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

c:\\Windows\\WinSxS\\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.17134.1_none_251beae725bc7de5\\bash.exe<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Ah cool.. looks like we have root access to some linux terminal within windows, pretty awesome!<\/p>\n\n\n\n

We go to the home directory by using cd ~ and cat the .bash history to find some creds:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Looks like these are the admin creds to the machine. Let’s mount the C drive with smbclient and we will have the root flag:<\/p>\n\n\n\n

smbclient -U ‘administrator%u6!4ZwgwOM#^OBf#Nwnh’ \/\/10.10.10.97\/c$
lcd \/www
cd users\/administrator\/desktop
get root.txt
exit
cat \/www\/root.txt<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1\/19\/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]<\/p>\n","protected":false},"author":1,"featured_media":576,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,6],"tags":[],"class_list":["post-278","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackthebox","category-writeups"],"yoast_head":"\nHackthebox - SecNotes Writeup - Zinea InfoSec Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackthebox - SecNotes Writeup - Zinea InfoSec Blog\" \/>\n<meta property=\"og:description\" content=\"This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1\/19\/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/\" \/>\n<meta property=\"og:site_name\" content=\"Zinea InfoSec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/zineausa\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-21T02:28:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-05T19:20:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1192\" \/>\n\t<meta property=\"og:image:height\" content=\"758\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Zinea\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:site\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zinea\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/\"},\"author\":{\"name\":\"Zinea\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\"},\"headline\":\"Hackthebox – SecNotes Writeup\",\"datePublished\":\"2019-01-21T02:28:37+00:00\",\"dateModified\":\"2020-02-05T19:20:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/\"},\"wordCount\":593,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/1_luv67Hf76w4riMMRoSuRpg.png\",\"articleSection\":[\"HackTheBox\",\"Writeups\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/\",\"name\":\"Hackthebox - SecNotes Writeup - Zinea InfoSec Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/1_luv67Hf76w4riMMRoSuRpg.png\",\"datePublished\":\"2019-01-21T02:28:37+00:00\",\"dateModified\":\"2020-02-05T19:20:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#primaryimage\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/1_luv67Hf76w4riMMRoSuRpg.png\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/1_luv67Hf76w4riMMRoSuRpg.png\",\"width\":1192,\"height\":758},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/01\\\/hackthebox-secnotes-writeup\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackthebox – SecNotes Writeup\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"name\":\"Zinea InfoSec Blog\",\"description\":\"Cyber Security Resources\",\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\",\"name\":\"Zinea LLC\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"width\":876,\"height\":876,\"caption\":\"Zinea LLC\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/zineausa\\\/\",\"https:\\\/\\\/x.com\\\/ZineaLLC\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\",\"name\":\"Zinea\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"caption\":\"Zinea\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackthebox - SecNotes Writeup - Zinea InfoSec Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/","og_locale":"en_US","og_type":"article","og_title":"Hackthebox - SecNotes Writeup - Zinea InfoSec Blog","og_description":"This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1\/19\/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]","og_url":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/","og_site_name":"Zinea InfoSec Blog","article_publisher":"https:\/\/www.facebook.com\/zineausa\/","article_published_time":"2019-01-21T02:28:37+00:00","article_modified_time":"2020-02-05T19:20:57+00:00","og_image":[{"width":1192,"height":758,"url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png","type":"image\/png"}],"author":"Zinea","twitter_card":"summary_large_image","twitter_creator":"@ZineaLLC","twitter_site":"@ZineaLLC","twitter_misc":{"Written by":"Zinea","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#article","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/"},"author":{"name":"Zinea","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0"},"headline":"Hackthebox – SecNotes Writeup","datePublished":"2019-01-21T02:28:37+00:00","dateModified":"2020-02-05T19:20:57+00:00","mainEntityOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/"},"wordCount":593,"commentCount":0,"publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png","articleSection":["HackTheBox","Writeups"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/","url":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/","name":"Hackthebox - SecNotes Writeup - Zinea InfoSec Blog","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#primaryimage"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png","datePublished":"2019-01-21T02:28:37+00:00","dateModified":"2020-02-05T19:20:57+00:00","breadcrumb":{"@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#primaryimage","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/01\/1_luv67Hf76w4riMMRoSuRpg.png","width":1192,"height":758},{"@type":"BreadcrumbList","@id":"https:\/\/zineausa.com\/blog\/2019\/01\/hackthebox-secnotes-writeup\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zineausa.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Hackthebox – SecNotes Writeup"}]},{"@type":"WebSite","@id":"https:\/\/zineausa.com\/blog\/#website","url":"https:\/\/zineausa.com\/blog\/","name":"Zinea InfoSec Blog","description":"Cyber Security Resources","publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zineausa.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zineausa.com\/blog\/#organization","name":"Zinea LLC","url":"https:\/\/zineausa.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","width":876,"height":876,"caption":"Zinea LLC"},"image":{"@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/zineausa\/","https:\/\/x.com\/ZineaLLC"]},{"@type":"Person","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0","name":"Zinea","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","caption":"Zinea"}}]}},"_links":{"self":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/comments?post=278"}],"version-history":[{"count":3,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/278\/revisions"}],"predecessor-version":[{"id":577,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/278\/revisions\/577"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media\/576"}],"wp:attachment":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media?parent=278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/categories?post=278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/tags?post=278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}