

Interface starts with a site and an API that, after some fuzzing / enumeration, can be found to offer an endpoint to upload HTML and get back a PDF, converted by DomPDF. I’ll exploit a vulnerability in DomPDF to get a font file into a predictable location, and poison that binary file with a PHP webshell. To escalate, I’ll abuse a cleanup script with Arithmetic Expression Injection, which abuses the ] syntax in Bash scripts. In Beyond Root, I’ll look at an unintended abuse of another cleanup script and how symbolic links could (before the box was patched) be used to overwrite and change the ownership of arbitrary files.

htb-interface hackthebox ctf nmap ubuntu next-js feroxbuster subdomain api ffuf dompdf php cve-2022-28368 webshell upload pspy arithmetic-expression-injection quoted-expression-injection exiftool symbolic-link
Precious is on the easier side of boxes found on HackTheBox. It starts with a simple web page that takes a URL and generates a PDF. I’ll use the metadata from the resulting PDF to identify the technology in use, and find a command injection exploit to get a foothold on the box. Then I’ll find creds in a Ruby Bundler configuration file to get to user. To get to root, I’ll exploit a YAML deserialization vulnerability in a script meant to manage dependencies. In Beyond Root, I’ll explore the Ruby web application, how it’s hosted, and fix the bug that doesn’t allow me to fetch a PDF of the page itself.

ctf hackthebox htb-precious nmap subdomain ffuf ruby phusion passenger nginx exiftool pdfkit feroxbuster cve-2022-25765 command-injection bundler yaml-deserialization youtube
