ctf dfir forensics sherlock-i-like-to hackthebox moveit cve-2023-34362 sqli deserialization metasploit source-code kape memory-dump iis-logs powershell-history event-logs sql-dump webshell awen-webshell asp aspx mftexplorer mftecmd mft evtxecmd jq win-event-4624 win-event-4724

htb-sandworm ctf hackthebox nmap ubuntu gpg pgp feroxbuster python flask ssti crypto firejail httpie cargo rust source-code cve-2022-31214

Sandworm offers the website for a secret intelligence agency. The website takes PGP-encrypted messages, and there’s a demo site that allows people to test their encrypting, decrypting, and signing. There’s a server-side template injection vulnerability in the verification demo, and I’ll abuse that to get a foothold on Sandworm. I’ll find creds for the next user in a httpie config. Then I’ll modify a Rust program running on a cron as the first user to get back to that user, this time outside the jail. With that access, I can exploit CVE-2022-31214 in Firejail to get root access. In Beyond Root, I’ll look at the Flask webserver and how it works, and the Firejail config.

htb-pilgrimage ctf hackthebox nmap debian git gitdumper feroxbuster cve-2022-44268 image-magick pngcrush sqlite inotifywait binwalk cve-2022-4510 file-read

Pilgrimage starts with a website that reduces image size. I’ll find an exposed Git repo on the site, and use it to see it’s using a version of Image Magick to do the image reduction that has a file read vulnerability. I’ll use that to enumerate the host and pull the SQLite database. That database gives a plaintext password that works for SSH. There’s a script run by root that monitors file uploads using inotifywait. When there’s a file, it runs binwalk on the file to look for executables. I’ll abuse a vulnerability in binwalk to get execution as root.