![]() ![]() Next I’ll abuse meta-git to get a shell as the next user. I’ll find a password for the database connection in the web files that is also used for a user account on the box. ![]() I’ll abuse SQL injection to bypass authentication, and then a mPDF vulenrability to read files from disk. Htb-faculty ctf hackthebox nmap php feroxbuster sqli sqli-bypass auth-bypass sqlmap mpdf cyberchef burp burp-repeater file-read password-reuse credentials meta-git command-injection gdb ptrace capabilities python msfvenom shellcodeįaculty starts with a very buggy school management web application. To escalate to root, I’ll abuse fail2ban. I’ll show how to use that LFI to get execution via mail poisoning, log poisoning, and just reading an SSH key. ![]() That file read leads to another subdomain, which has a file include. There’s an SQL injection that allows bypassing the authentication, and reading files from the system. Trick starts with some enumeration to find a virtual host. Htb-trick ctf hackthebox nmap smtp smtp-user-enum zone-transfer vhosts wfuzz feroxbuster employee-management-system sqli sqli-bypass cve-2022-28468 boolean-based-sqli sqlmap file-read lfi directory-traversal mail-poisoning log-poisoning burp burp-repeater fail2ban htb-admirertoo ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |