THIS IS AN UNINTENDED WAY which was patched later on
Noter was a Medium difficulty Linux box created by kavigihan. The initial foothold was finding a weak signing key used to sign the session; with it we can modify the session and give ourselves VIP access. Using that, we get the ftp credentials and find a PDF containing a hint for the ftp admin credential. Logging in as ftp_admin, we get access to an app backup. In the backup we find the /export_note_local route, which takes markdown and exports it as a PDF. Using this we can get command injection and get access to the box as svc. We can get privilege escalation using module injection in mysql.
Meta was a Medium difficulty Linux box created by Nauten. The initial foothold on the box was finding an RCE in exiftool and uploading a modified image with a payload, which gives us a shell as www-data. Running pspy, we see a cron job running a script every minute; we upload a modified SVG and get a shell as user. Rooting the box was pretty simple: just modifying XDG_CONFIG_HOME and running neofetch with sudo gives us a shell as root.