Hackthebox - Faculty

Summary

Faculty is a medium Linux machine that features a PHP web application that uses a library which is
vulnerable to local file inclusion. Exploiting the LFI in this library reveals a password which can be used to log
in as a low-level user called gbyolo over SSH. The user gbyolo has permission to run an npm package
called meta-git as the developer user. The version of meta-git installed on this box is vulnerable to
code injection, which can be exploited to escalate privileges to the user developer. The privilege
escalation to root can be performed by exploiting the CAP_SYS_PTRACE capability to inject shellcode into a
process running as root.

HackTheBox - Seventeen

THIS IS THE UNINTENDED WAY, which was patched later on.

HackTheBox - Noter

Summary

Noter was a Medium difficulty Linux box created by kavigihan. The initial foothold was finding a weak signing key used to sign the session; with it we can modify the session and give ourselves VIP access. Using that, we get the FTP credentials and find a PDF containing a hint for the FTP admin credential. Logging in as ftp_admin, we get access to an app backup. In the backup we find the /export_note_local route, which takes markdown and exports it as a PDF. Using this, we can get command injection and gain access to the box as svc. We can then get privilege escalation using module injection in MySQL.

HackTheBox - Horizontall

Summary

Horizontall, an easy Linux box on Hackthebox created by author wail99, was all about finding CVEs and exploiting them.

Hackthebox - Late

Web

From the website we get a link to https://images.lazy.htb. Interesting: it looks like it is running on Flask. PS: https://medium.c ...