This allows me to connect to any process on the box and inject shellcode, getting execution in the context of that process.
The final user has access to the GNU debugger with ptrace capabilities. Next I’ll abuse meta-git to get a shell as the next user. I’ll find a password for the database connection in the web files that is also used for a user account on the box. I’ll abuse SQL injection to bypass authentication, and then a mPDF vulenrability to read files from disk.
Htb-faculty ctf hackthebox nmap php feroxbuster sqli sqli-bypass auth-bypass sqlmap mpdf cyberchef burp burp-repeater file-read password-reuse credentials meta-git command-injection gdb ptrace capabilities python msfvenom shellcodeįaculty starts with a very buggy school management web application.
0 kommentar(er)
