Writeup is an easy box in which we exploit a vulnerability in CMSMadeSimple to get ssh credentials. After that we privesc abusing a writeable directory in the PATH that leads to execution by a process that spawns when an ssh session is started.
Recently the Qualys Research Team did an amazing job discovering a Heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and we will write an exploit to gain root privileges on Debain 10.
Rope2 by R4J has been my favorite box on HackTheBox by far. It wasn’t really related to pentesting, but was an immersive exploit dev experience
Comments