I’ll dive into Linux user IDs and SetUID / SUID, execve vs system, and sh vs bash, and test out what I learn on Jail. In looking through writeups for Jail after finishing mine, I came across an interesting rabbit hole, which led me down the path of a good deal of research, where I learned interesting detail related to a few things I’ve been using for years. In Beyond Root, I’ll look at an alternative root, and dig more into mass assignment vulnerabilities. To root, I’ll abuse a download program to overwrite root’s authorized_keys file and get SSH access. As admin, I’ll use the LFI plus upload to get execution.
#WEBMIN DEFAULT CREDS UPGRADE#
After logging in, there’s a mass assignment vulnerability that allows me to upgrade my user to admin.
I’ll identify and abuse a timing attack to identify usernames on a login form. Timing starts out with a local file include and a directory traversal that allows me to access the source for the website. Hackthebox ctf htb-timing nmap php feroxbuster wfuzz lfi directory-traversal source-code side-channel timing python bash youtube mass-assignment burp burp-repeater webshell firewall git password-reuse credentials axel sudo-home htb-backendtwo
0 kommentar(er)
