{"id":323,"date":"2019-02-17T06:38:52","date_gmt":"2019-02-17T06:38:52","guid":{"rendered":"https:\/\/zineausa.com\/blog\/?p=323"},"modified":"2020-02-05T19:20:05","modified_gmt":"2020-02-05T19:20:05","slug":"hackthebox-ypuffy-writeup","status":"publish","type":"post","link":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/","title":{"rendered":"Hackthebox \u2013 Ypuffy Writeup"},"content":{"rendered":"\n

This is a write-up for the Ypuffy machine on hackthebox.eu which was retired on 2\/9\/19! <\/p>\n\n\n\n

Step 1: Enumeration<\/h2>\n\n\n\n

Like usual, let’s start with a quick nmap to see what ports are open:<\/p>\n\n\n\n

nmap -sC -sV -oA nmap1.txt -Pn 10.10.10.107<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

First we attempt to browse to port 80 like usual, but we get a “the connection was reset” error:<\/p>\n\n\n\n

\"\"

<\/figcaption><\/figure>\n\n\n\n

Step 2: Getting User Flag<\/h2>\n\n\n\n

The nmap indicated port 389 was open with “anonymous bind ok”, so we google that and find this article:<\/p>\n\n\n\n

https:\/\/www.splunk.com\/blog\/2009\/07\/30\/ldapsearch-is-your-friend.html<\/a><\/p>\n\n\n\n

Based on the article above, and the nmap results, we run the following command to enumerate ldap:<\/p>\n\n\n\n

ldapsearch -h 10.10.10.107 -p 389 -x -b “dc=hackthebox,dc=htb”<\/p>\n\n\n\n

We get a lot of output, including the following lines:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

SambaNTPassword looks promising so let’s try to list samba shares with that:<\/p>\n\n\n\n

smbclient –pw-nt-hash -U alice1978%0B186E661BBDBDCF6047784DE8B9FD8B -L 10.10.10.107<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Nice, that got us some shares so let’s mount the alice share with:<\/p>\n\n\n\n

smbclient –pw-nt-hash -U alice1978%0B186E661BBDBDCF6047784DE8B9FD8B \/\/10.10.10.107\/alice<\/p>\n\n\n\n

Type ls to see the files on the server, then we use the “lcd” command to change the local directory on our kali machine, and then we use the “get” command to download the file like so:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Now, back on the local machine let’s convert this to a key we can SSH with using:<\/p>\n\n\n\n

puttygen my_private_key.ppk -O private-openssh -o alice.key<\/p>\n\n\n\n

Then, let’s SSH in with the key we just got:<\/p>\n\n\n\n

ssh alice1978@10.10.10.107 -i alice.key<\/p>\n\n\n\n

This gets us the user flag!<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Step 3: Getting Root flag<\/h2>\n\n\n\n

Intended way:<\/u><\/strong><\/p>\n\n\n\n

So this is an OpenBSD system and the sudo equivalent here is “doas”, so we take a look at the \/etc\/doas.conf file to see that we have access to run \/usr\/bin\/ssh-keygen as userca:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Since this is related to ssh, let’s take a look at the SSH config file at \/etc\/ssh\/sshd_conf<\/p>\n\n\n\n

cat \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
We see an interesting line here, which seems to relate to the automated authorization of ssh keys! let’s see if we can exploit this.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Don’t be afraid to try urls, so let’s try that second command with the username root:<\/p>\n\n\n\n
curl ‘http:\/\/127.0.0.1\/sshauth?type=principals&username=root’<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Interesting, that looks like a password to me.

<\/p>\n\n\n\n
Seems like we will need to generate a ssh key first, so let’s run ssh-keygen:<\/p>\n\n\n\n
\"\"

<\/figcaption><\/figure>\n\n\n\n
Now, let’s use that SSH key as an input to the doas command we discovered earlier to generate key with the root password:<\/p>\n\n\n\n
doas -u userca \/usr\/bin\/ssh-keygen -s \/home\/userca\/ca -I test -n 3m3rgencyB4ckd00r \/tmp\/test<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Now, let’s use this pub key as the authorized keys file and then ssh in as root@localhost, which gets us the root flag!<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
The way we did it the first time (unintended easy way):<\/u><\/strong><\/p>\n\n\n\n
Let’s check the kernel:<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
We google for openbsd 6.3 exploits and click the second result<\/a>:<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
We copy the exploit to the machine with into the tmp folder with vim and paste it in and save it as test.py<\/p>\n\n\n\n
Now we chmod +x test.py to make sure it is executable and run the exploit with:<\/p>\n\n\n\n
.\/test.py<\/p>\n\n\n\n
Wait a few minutes and we have the root flag:<\/p>\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
This is a write-up for the Ypuffy machine on hackthebox.eu which was retired on 2\/9\/19! Step 1: Enumeration Like usual, let’s start with a quick nmap to see what ports are open: nmap -sC -sV -oA nmap1.txt -Pn 10.10.10.107 First we attempt to browse to port 80 like usual, but we get a “the connection […]<\/p>\n","protected":false},"author":1,"featured_media":574,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,6],"tags":[],"class_list":["post-323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackthebox","category-writeups"],"yoast_head":"\nHackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog\" \/>\n<meta property=\"og:description\" content=\"This is a write-up for the Ypuffy machine on hackthebox.eu which was retired on 2\/9\/19! Step 1: Enumeration Like usual, let’s start with a quick nmap to see what ports are open: nmap -sC -sV -oA nmap1.txt -Pn 10.10.10.107 First we attempt to browse to port 80 like usual, but we get a “the connection […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/\" \/>\n<meta property=\"og:site_name\" content=\"Zinea InfoSec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/zineausa\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-17T06:38:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-05T19:20:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png\" \/>\n\t<meta property=\"og:image:width\" content=\"597\" \/>\n\t<meta property=\"og:image:height\" content=\"377\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Zinea\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:site\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zinea\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/\"},\"author\":{\"name\":\"Zinea\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\"},\"headline\":\"Hackthebox \u2013 Ypuffy Writeup\",\"datePublished\":\"2019-02-17T06:38:52+00:00\",\"dateModified\":\"2020-02-05T19:20:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/\"},\"wordCount\":549,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/0.png\",\"articleSection\":[\"HackTheBox\",\"Writeups\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/\",\"name\":\"Hackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/0.png\",\"datePublished\":\"2019-02-17T06:38:52+00:00\",\"dateModified\":\"2020-02-05T19:20:05+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#primaryimage\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/0.png\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/0.png\",\"width\":597,\"height\":377},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2019\\\/02\\\/hackthebox-ypuffy-writeup\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackthebox \u2013 Ypuffy Writeup\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"name\":\"Zinea InfoSec Blog\",\"description\":\"Cyber Security Resources\",\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\",\"name\":\"Zinea LLC\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"width\":876,\"height\":876,\"caption\":\"Zinea LLC\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/zineausa\\\/\",\"https:\\\/\\\/x.com\\\/ZineaLLC\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\",\"name\":\"Zinea\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"caption\":\"Zinea\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/","og_locale":"en_US","og_type":"article","og_title":"Hackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog","og_description":"This is a write-up for the Ypuffy machine on hackthebox.eu which was retired on 2\/9\/19! Step 1: Enumeration Like usual, let’s start with a quick nmap to see what ports are open: nmap -sC -sV -oA nmap1.txt -Pn 10.10.10.107 First we attempt to browse to port 80 like usual, but we get a “the connection […]","og_url":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/","og_site_name":"Zinea InfoSec Blog","article_publisher":"https:\/\/www.facebook.com\/zineausa\/","article_published_time":"2019-02-17T06:38:52+00:00","article_modified_time":"2020-02-05T19:20:05+00:00","og_image":[{"width":597,"height":377,"url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png","type":"image\/png"}],"author":"Zinea","twitter_card":"summary_large_image","twitter_creator":"@ZineaLLC","twitter_site":"@ZineaLLC","twitter_misc":{"Written by":"Zinea","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#article","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/"},"author":{"name":"Zinea","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0"},"headline":"Hackthebox \u2013 Ypuffy Writeup","datePublished":"2019-02-17T06:38:52+00:00","dateModified":"2020-02-05T19:20:05+00:00","mainEntityOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/"},"wordCount":549,"commentCount":0,"publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png","articleSection":["HackTheBox","Writeups"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/","url":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/","name":"Hackthebox \u2013 Ypuffy Writeup - Zinea InfoSec Blog","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#primaryimage"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png","datePublished":"2019-02-17T06:38:52+00:00","dateModified":"2020-02-05T19:20:05+00:00","breadcrumb":{"@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#primaryimage","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2019\/02\/0.png","width":597,"height":377},{"@type":"BreadcrumbList","@id":"https:\/\/zineausa.com\/blog\/2019\/02\/hackthebox-ypuffy-writeup\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zineausa.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Hackthebox \u2013 Ypuffy Writeup"}]},{"@type":"WebSite","@id":"https:\/\/zineausa.com\/blog\/#website","url":"https:\/\/zineausa.com\/blog\/","name":"Zinea InfoSec Blog","description":"Cyber Security Resources","publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zineausa.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zineausa.com\/blog\/#organization","name":"Zinea LLC","url":"https:\/\/zineausa.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","width":876,"height":876,"caption":"Zinea LLC"},"image":{"@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/zineausa\/","https:\/\/x.com\/ZineaLLC"]},{"@type":"Person","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0","name":"Zinea","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","caption":"Zinea"}}]}},"_links":{"self":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/comments?post=323"}],"version-history":[{"count":3,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/323\/revisions"}],"predecessor-version":[{"id":575,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/323\/revisions\/575"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media\/574"}],"wp:attachment":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media?parent=323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/categories?post=323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/tags?post=323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}