![]() ![]() That user is able to create and start services, which I’ll abuse to get root. To get to the next user I’ll install a malicious git hook. With that repo, I’ll identify a new web URL that has a local file include vulnerability, and leverage a server-side request forgery to hit that and get execution using php filter injection. Hackthebox htb-encoding ctf nmap php file-read lfi feroxbuster wfuzz subdomain ssrf filter php-filter-injection youtube source-code git git-manual gitdumper python flask proxy uri-structure burp burp-repeater git-hooks systemd service chatgpt parse_urlĮncoding centered around a web application where I’ll first identify a file read vulnerability, and leverage that to exfil a git repo from a site that I can’t directly access. Finally, I find a piece of malware that runs as root and understand it to get execution. Then I find a set of Windows event logs, and analyze them to extract a password. I’ll dig into that vulnerability, and then exploit it to get a foothold. Investigation starts with a website that accepts user uploaded images and runs Exiftool on them. Ctf hackthebox htb-investigation nmap php exiftool feroxbuster cve-2022-23935 command-injection youtube perl event-logs msgconvert mutt mbox evtx-dump jq ghidra reverse-engineering race-condition
0 Comments
Leave a Reply. |