BirdsArentReal

CTF Team
HackTheBox Top 3 Team

HTB Jarvis Writeup by dmw0ng

Jarvis is a medium difficulty box in which we are able to inject SQL to get credentials into a phpmyadmin instance. We use a phpmyadmin metasploit exploit to gain a shell on the machine as www-data. www-data has sudo access as pepper user to a python script which we escape into a bash shell and then use to exploit a SUID binary to get root.

Twitter Facebook LinkedIn RSS

Comments

You May Also Enjoy

[CVE-2021-3156] Exploiting Sudo heap overflow on Debian 10 by D3v17

Recently the Qualys Research Team did an amazing job discovering a Heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and we will write an exploit to gain root privileges on Debain 10.

HTB Rope2 Writeup by FizzBuzz101

Rope2 by R4J has been my favorite box on HackTheBox by far. It wasn’t really related to pentesting, but was an immersive exploit dev experience

HTB Intense Writeup by FizzBuzz101

HTB Tabby Writeup by dmw0ng