It was one of those boxes where everything running on the box felt like it had a reason to be there, and wasn’t just plopped onto it for the sake of having a CTF.Īs with other writeups, this may contain screenshots dated from after the box retired. Every part of the path felt super on-theme and it was really enjoyable. Finally, root involves exploiting sudo permissions on the msfconsole binary to gain a shell. From the kid user, we can escalate to the pwn user by exploiting a command injection vulnerability in a logging script designed to ‘hack back’ other hackers. This can be used to execute commands on the box as the kid user by uploading a malicious APK file. The website runs a number of Linux commands in the background, one of which makes use of an outdated metasploit library. This was a pretty easy but really fun box based on exploiting another hacker’s badly made website. Trying to Upload a Reverse Shell Template.Home Comp Sci Writing Blog Hack the Box - Scriptkiddie Contents
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |