Busqueda presents a website that gives links to various sites based on user input. Under the hood, it is using the Python Searchor command line tool, and I'll find an unsafe eval vulnerability and exploit that to get code execution. On the host, the user can run sudo to run a Python script, but I can't see the script.

hackthebox htb-busqueda ctf nmap flask ubuntu searchor feroxbuster python-eval command-injection burp burp-repeater password-reuse gitea

Mailroom has a contact us form that I can use to get cross site scripting against an admin user. I'll use this XSS to exploit a NoSQL injection vulnerability in a private site, brute forcing the user's password and exfiling it back to myself. From this foothold, I'll exploit into the container running the site and find more credentials, pivoting to another user. This user is opening their KeePass database, and I'll use strace to watch them type their password into KeePass CLI, which I can use to recover the root password. In Beyond Root, a quick dive into how the KeePass password was automated.

htb-mailroom hackthebox ctf nmap ubuntu debian feroxbuster wfuzz gitea subdomain xss nosql-injection nosql-injection-over-xss xsrf command-injection filter keepass strace trace ptrace-scope youtube