Response truly lived up to the insane rating, and was quite masterfully crafted. To start, I'll construct an HTTP proxy that can abuse an SSRF vulnerability and an HMAC digest oracle to proxy traffic into the inner network and a chat application. With access as guest, I'll find bob is eager to talk to the admin.

Tags: hackthebox ctf htb-response nmap linux ffuf subdomain feroxbuster burp burp-repeater burp-proxy hmac oracle foxy-proxy python youtube proxy ssrf socket-io ldap docker ldif ldapadd ldappasswd chatgpt wireshark forensics cross-protocol-request-forgery cprf xp-ssrf javascript htb-luke ftp directory-traversal python-https certificate openssl dns smtp python-smptd virus-total meterpreter crypto mettle bulk-extractor openssh partial-ssh-key rsa rsactftool

Photobomb was on the easy end of HackTheBox weekly machines. I'll find credentials in a JavaScript file, and use those to get access to an image manipulation panel. There's a command injection vulnerability in the panel, which I'll use to get execution and a shell. For privesc, the user can run a script as root, and there are two ways to get execution from this. The first is a find command that is called without the full path. The second is abusing the disabled Bash builtin [.

Tags: htb-photobomb ctf hackthebox bash bash-test nmap feroxbuster image-magick command-injection injection burp burp-repeater path-hijack bash-builtins

RainyDay is a different kind of machine from HackTheBox. It's got a lot of enumerating and fuzzing to find next steps and a fair amount of programming required to solve. I'll start by exploiting an IDOR vulnerability to leak hashes, cracking one and getting access to a website that manages containers. From inside a container, I can reach a dev instance and an API that effectively lets me apply a given regex to a file on the filesystem, which I'll turn into a file read exploit with some Python scripting. From there I can leak the flask secret key and get into another user's account, where I'll find a misconfiguration that allows me to escape the container's jail and read the user's private SSH key. From the host, I'll first exploit Python itself to get execution as the next user. Then I'll abuse unicode characters to slip more characters than allowed into a hashing program, and use that to brute force a secret salt, allowing me to crack the root hash. In Beyond Root, I'll look at a mistake that allowed for skipping a large part of this box.

Tags: hackthebox ctf htb-rainyday nmap ffuf subdomain docker container feroxbuster idor john chisel foxyproxy socks proxychains api flask flask-cookie python python-requests youtube flask-unsign jail python-use-after-free unicode emoji john-rules