The second is abusing the disabled Bash builtin [. The first is a find command that is called without the full path. ![]() For privesc, the user can run a script as root, and there are two ways to get execution from this. There’s a command injection vulnerability in the panel, which I’ll use to get execution and a shell. I’ll find credentials in a JavaScript file, and use those to get access to an image manipulation panel. ![]() Photobomb was on the easy end of HackTheBox weekly machines. Htb-photobomb ctf hackthebox bash bash-test nmap feroxbuster image-magick command-injection injection burp burp-repeater path-hijack bash-builtins
0 Comments
Leave a Reply. |