Hackthebox - Late


From the website we get a link to https://images.lazy.htb


Interestingly, it looks like it is running on Flask.

PS: https://medium.com/@amanzishan.az/building-a-flask-web-application-to-extract-text-from-images-3f761f4880d9

So I tried a template injection payload embedded in an image.

And the payload was rendered and executed.
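As an added example (not code from the write-up or from the target application), the two Jinja2 rendering patterns that make the difference here: recognised text from an uploaded image is untrusted input, and a Flask app that hands it to `render_template_string()` as the template itself lets any `{{ }}` or `{% %}` in the image be evaluated. The fix is a fixed template with the OCR text passed as a context variable. The OCR step is replaced by a constructed string, and the example assumes `jinja2` is installed (Flask's own rendering sits on top of it).

```python
"""Added example: OCR output used as a Jinja2 template (vulnerable) versus
OCR output passed as template data (safe). Not part of the original post;
the OCR engine is replaced by a constructed string."""
from jinja2 import Environment

# Constructed stand-in for text an OCR engine returned from an uploaded image.
# A harmless expression is enough to tell the two patterns apart.
OCR_TEXT = "Invoice total: {{ 7 * 7 }}"

# autoescape=True matches what Flask enables for HTML templates.
env = Environment(autoescape=True)


def render_vulnerable(ocr_text: str) -> str:
    """Vulnerable pattern: the recognised text *is* the template.

    Equivalent to Flask's render_template_string(ocr_text): Jinja2 parses
    the string, so template syntax inside the image is evaluated.
    """
    return env.from_string(ocr_text).render()


# Fixed template written by the developer; only this string is parsed.
RESULT_TEMPLATE = "<pre>{{ text }}</pre>"


def render_safe(ocr_text: str) -> str:
    """Safe pattern: fixed template, OCR text supplied as a variable.

    Jinja2 treats the value as data (delimiters are left literal) and
    autoescape neutralises HTML metacharacters in it.
    """
    return env.from_string(RESULT_TEMPLATE).render(text=ocr_text)


def contains_template_syntax(text: str) -> bool:
    """Detection hook for logging: flag recognised text that carries
    Jinja2 delimiters, which legitimate documents almost never contain."""
    return any(token in text for token in ("{{", "{%", "{#"))


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(OCR_TEXT))
    print("safe      :", render_safe(OCR_TEXT))
    print("flagged   :", contains_template_syntax(OCR_TEXT))
```

The safe version is the whole fix; a `SandboxedEnvironment` only narrows what an evaluated expression can reach and is not a substitute for never parsing user-controlled text as a template. The detection hook is useful for alerting on uploads, not for filtering, since template syntax can be obfuscated.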

Created a command injection image as:

Created a reverse shell payload with:



Enumerating, we see root is running something involving sendmail.

Checking the file attributes with lsattr, we see we have append permission.

Author: Shubham Kumar
Link: https://f3v3r.in/htb/machines/retired/late/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.