Shubham Kumar

Hackthebox - Moderators 2022-11-06|htbmachinesretired|linux-writeup-retired-hackthebox-hard-lfi-magic byte-vdi cracking-brandfolder

Summary

HackTheBox - Moderators is a Hard Linux machine that features a PHP web application that uses a library which is
vulnerable to file upload using which we can get a code execution by uploading a php file. Later we can find a Dev Version of the same application which is a wordpress application and had brandfolder plugin which was vulnerable to an LFI. using which we can upload a custom wp_load.php and execute to get user lexi. Updating wp admin credential we can get john user. From there it was all about mounting an encrypted vdi and getting root credential.

HackTheBox - Trick 2022-10-29|htbmachinesretired|linux-sudo-hackthebox-easy-sqli-LFI-fail2ban

Hackthebox - Trick

Summary

HackTheBox - Trick was a easy Linux machine created by Geiseric. It starts starts with some enumeration to find a virtual host. There’s an SQL injection that allows bypassing the authentication, and reading files from the system. That file read leads to another subdomain, which has a file include. I’ll show how to use that LFI to get execution via mail poisoning, log poisoning, and just reading an SSH key. To escalate to root, I’ll abuse fail2ban.

Hackthebox - Faculty 2022-10-29|htbmachinesretired|linux-writeup-retired-hackthebox-medium-LFI-PHP-password reuse-code injection-meta-git-CAP_SYS_PTRACE

Summary

Faculty is a medium Linux machine that features a PHP web application that uses a library which is
vulnerable to local file inclusion. Exploiting the LFi in this library reveals a password which can be used to log
in as a low-level user called gbyolo over SSH. The user gbyolo has permission to run an npm package
called meta-git as the developer user. The version of the meta-git installed on this box is vulnerable to
code injection, which can be exploited to escalate the privileges to the user developer . The privilege
escalation to root can be performed by exploiting the CAP_SYS_PTRACE capability to inject shellcode into a
process running as root .

HackTheBox - Seventeen 2022-09-25|htbmachinesretired|linux-hackthebox-hard-unintented-rev-shell-cred-reuse-npm-registry

THIS IS UNINTENDTED WAY which was patched later on

HackTheBox - Noter 2022-09-14|htbmachinesretired|writeup-retired-hackthebox-medium-mysql-flask-command injection

Summary

Noter was a Medium difficulty Linux box created by kavigihan. Initial Foothold was finding a weak signing key used to sign the session we can modify the session and get ourself VIP access using that we get the ftp credentials and we find a pdf containing hint for ftp admin credential. Logging as ftp_admin we get access to app backup.In backup we find /export_note_local route which take an markdown and export that as pdf. Using the we can get command injection and get access to the box as svc we can get privilege escalation using module injection in mysql.