xone 5 days ago

Imagery HTB Writeup | HacktheBox | Season 9

Linux · Medium

High-level attack flow

  1. Recon: port 8000 serves a web app (an image gallery); SSH is also open.
  2. Register a regular account, then plant an XSS payload via the bug-report feature to steal an admin session cookie and reach the admin panel.
  3. The admin log endpoint has an LFI (directory traversal): use it to retrieve db.json and other application files.
  4. Analyse api_edit.py (the image transform handler): the crop operation builds its command with shell=True from string-concatenated request parameters, so command injection is possible.
  5. With a privileged account (the test user), upload an image and trigger the crop transform with a command-injection payload to get a reverse shell.
  6. On the box, /var/backup/web_20250806_120723.zip.aes is world-readable: copy it off the host.
  7. Brute-force the password of the AES-Crypt (.aes) backup offline with a wordlist (rockyou) and a small pyAesCrypt wrapper script, extract the recovered archive and inspect its db.json for further credentials and hashes.
  8. Use one of the recovered credentials to SSH in (or switch user) as that account and read user.txt.
  9. Privilege escalation: the user can run /usr/local/bin/charcol via sudo. Use charcol -R (or the interactive charcol shell) to get into a charcol shell that asks for no password, then schedule a recurring task (or set the SUID bit on /usr/bin/bash) to become root and read root.txt.
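Step 4 is the core of the foothold: a crop handler that pastes request parameters into a single command string and runs it with shell=True. The block below is an added illustration, not the box's real api_edit.py: the "convert" binary, the parameter names and the upload directory are assumptions. It shows the vulnerable string-building pattern, a rough model of how a POSIX shell would split the resulting line (so you can see an injected ";id" become a second command), and a hardened version that validates every field and passes an argv list so no shell ever parses the values.

```python
import re
import shlex
import subprocess

# Constructed illustration, not the machine's actual handler: the binary,
# parameter names and upload directory below are assumptions.
UPLOAD_DIR = "/tmp/uploads"
DECIMAL = re.compile(r"[0-9]+")
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")  # no '/', no leading '-'


def build_crop_command_vulnerable(src, dst, x, y, w, h):
    """Vulnerable pattern: request parameters pasted into one command string
    that is later run with shell=True, so ';', '|', '$(' ... are all live."""
    return f"convert {UPLOAD_DIR}/{src} -crop {w}x{h}+{x}+{y} {UPLOAD_DIR}/{dst}"


def run_crop_vulnerable(src, dst, x, y, w, h):
    """What the vulnerable handler effectively does. Never feed it untrusted input."""
    cmd = build_crop_command_vulnerable(src, dst, x, y, w, h)
    return subprocess.run(cmd, shell=True, capture_output=True)


def shell_commands(cmd):
    """Rough model of how a POSIX shell splits a line into separate commands.
    Enough to show where an injected ';id' ends up; not a full shell parser."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def _as_int(value, name, lo=0, hi=10000):
    """Accept only a plain ASCII decimal integer inside a sane range."""
    if not isinstance(value, str) or not DECIMAL.fullmatch(value):
        raise ValueError(f"{name} must be a decimal integer")
    n = int(value)
    if not lo <= n <= hi:
        raise ValueError(f"{name} out of range")
    return n


def _safe_name(value, name):
    """Accept only a bare filename: no path separators, no leading '-' or '.'."""
    if not isinstance(value, str) or not SAFE_NAME.fullmatch(value):
        raise ValueError(f"{name} is not a safe filename")
    return value


def build_crop_argv_hardened(src, dst, x, y, w, h):
    """Hardened pattern: validate every field, then build an argv list.
    With shell=False the list goes straight to execve; nothing is re-parsed."""
    src = _safe_name(src, "src")
    dst = _safe_name(dst, "dst")
    x, y = _as_int(x, "x"), _as_int(y, "y")
    w, h = _as_int(w, "w", lo=1), _as_int(h, "h", lo=1)
    return ["convert", f"{UPLOAD_DIR}/{src}", "-crop", f"{w}x{h}+{x}+{y}", f"{UPLOAD_DIR}/{dst}"]


def run_crop_hardened(src, dst, x, y, w, h):
    """Same operation as run_crop_vulnerable, but with no shell in the path."""
    argv = build_crop_argv_hardened(src, dst, x, y, w, h)
    return subprocess.run(argv, shell=False, capture_output=True)


if __name__ == "__main__":
    payload = ("in.png", "out.png", "0", "0;id", "10", "10")
    print(build_crop_command_vulnerable(*payload))
    print(shell_commands(build_crop_command_vulnerable(*payload)))
    try:
        build_crop_argv_hardened(*payload)
    except ValueError as exc:
        print("hardened handler rejected it:", exc)
```

Two practitioner notes. First, an argv list removes the shell, not the tool's own argument handling: a filename beginning with "-" would still be read as an option by most CLIs, which is why the filename check forbids it. Second, the integer fields are validated before formatting rather than escaped afterwards; with a fixed grammar (digits only) there is nothing left for shlex.quote to protect.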


Access is restricted by HackTheBox rules
The full solution can be published publicly only after the machine is retired.
Until then, look for the non-public solution in the Telegram channel.

