Awkward involves abusing a NodeJS API over and over again. I’ll start by bypassing the auth check, and using that to find an API where I can dump user hashes. I’ll find another API where I can get it to do a SSRF, and read internal documentation about the API. In that documentation, I’ll spot an awk injection that leads to a file disclosure vulnerability. With that, I’ll locate a backup archive and get a password from a config file that allows for SSH access. To pivot to root, I’ll abuse the website again with symlinks to have it write to a file that I can’t modify, which triggers an email being sent. I’ll write a command injection payload to get execution as root.

Hackthebox ctf htb-awkward nmap webpack vuejs wfuzz auth-bypass jwt jwt-io burp burp-repeater hashcat ssrf express api express-api awk awk-injection file-read hashcat-jwt python-jwt youtube python-requests xpad pspy mail gtfobins pm2 command-injection