Summary
Bucket,a Linux box created by HackTheBox user MrR3boot, was an overall medium difficulty box. Initial foothold was finding credentials in dynamo-db and using that to use that credentials on aws s3
cli. and then we upload a php shell and we get a shell as www-data
and using another credential. we get roy
(user). for Privilege Escalation we find another internal service running on 8000
and checking the code we see it is using pd4ml
to convert an html to pdf. so we can inject and attach some files and download the result.pdf
, using that we can download root
.id_rsa
with that we can ssh and we have pwned the box.