ctf dfir forensics sherlock-i-like-to hackthebox moveit cve-2023-34362 sqli deserialization metasploit source-code kape memory-dump iis-logs powershell-history event-logs sql-dump webshell awen-webshell asp aspx mftexplorer mftecmd mft evtxecmd jq win-event-4624 win-event-4724

htb-sandworm ctf hackthebox nmap ubuntu gpg pgp feroxbuster python flask ssti crypto firejail httpie cargo rust source-code cve-2022-31214

Sandworm offers the website for a secret intelligence agency. The website takes PGP-encrypted messages, and there’s a demo site that allows people to test their encrypting, decrypting, and signing. There’s a server-side template injection vulnerability in the verification demo, and I’ll abuse that to get a foothold on Sandworm. I’ll find creds for the next user in a httpie config. Then I’ll modify a Rust program running on a cron as the first user to get back to that user, this time outside the jail. With that access, I can exploit CVE-2022-31214 in Firejail to get root access. In Beyond Root, I’ll look at the Flask webserver and how it works, and the Firejail config.

htb-pilgrimage ctf hackthebox nmap debian git gitdumper feroxbuster cve-2022-44268 image-magick pngcrush sqlite inotifywait binwalk cve-2022-4510 file-read

Pilgrimage starts with a website that reduces image size. I’ll find an exposed Git repo on the site, and use it to see that the site does the image reduction with a version of ImageMagick that has a file read vulnerability. I’ll use that to enumerate the host and pull the SQLite database. That database gives a plaintext password that works for SSH. There’s a script run by root that monitors file uploads using inotifywait. When there’s a file, it runs binwalk on the file to look for executables. I’ll abuse a vulnerability in binwalk to get execution as root.