Throughout this writeup we’ll see how just a little bit of additional information allows us to effectively abuse a directory traversal vulnera- bility in way too old software. Going forward, we’ll use credentials obtained to look around the system to discover credentials for yet another application. Abusing an inherent flaw in the application design we’ll obtain SYSTEM privileges and ultimately take over the box. After we finished the hassle we’ll look at an alternative, easier, and more reliable route dmw0ng told me about after I solved the box and for style points use RDP to log into the system.
You May Also Enjoy
Recently the Qualys Research Team did an amazing job discovering a Heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and we will write an exploit to gain root privileges on Debain 10.
Rope2 by R4J has been my favorite box on HackTheBox by far. It wasn’t really related to pentesting, but was an immersive exploit dev experience