Busqueda - Hackthebox (OSCP Prep) - TJ Nulls
- Published 15 Mar 2024
- Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to root, we discover credentials within a Git config file, allowing us to log into a local Gitea service. Additionally, we uncover that a system checkup script can be executed with root privileges by a specific user. By utilizing this script, we enumerate Docker containers that reveal credentials for the administrator user's Gitea account. Further analysis of the system checkup script's source code in a Git repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with root privileges.
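The final step above depends on a root-run script locating a helper through a relative path. As an added example (not code from the video or from the machine's checkup script; the helper name and directory layout are hypothetical), this Python code contrasts the weak resolution with one pinned to a fixed directory and checked for ownership and write bits:

```python
import os
import tempfile
from pathlib import Path

HELPER = "helper-check.sh"  # hypothetical helper name, not taken from the page


def resolve_relative(helper=HELPER):
    """Weak pattern: './helper' resolves against the caller's working directory."""
    return Path.cwd().joinpath(helper).resolve()


def resolve_pinned(install_dir, helper=HELPER, trusted_uid=0):
    """Hardened pattern: fixed directory plus ownership and write-bit checks."""
    base = Path(install_dir).resolve(strict=True)
    target = (base / helper).resolve(strict=True)
    if target.parent != base:  # a symlink or '..' escaped the install directory
        raise PermissionError(f"{target} is outside {base}")
    for path in (base, target):
        st = path.stat()
        if st.st_uid != trusted_uid:
            raise PermissionError(f"{path} is not owned by uid {trusted_uid}")
        if st.st_mode & 0o022:  # group- or world-writable
            raise PermissionError(f"{path} is writable by group or others")
    return target


def demo():
    """Constructed layout: an install dir and an unrelated dir with a same-named file."""
    old_cwd = Path.cwd()
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        install, other = Path(a).resolve(), Path(b).resolve()
        for d in (install, other):
            os.chmod(d, 0o755)
            (d / HELPER).write_text("#!/bin/sh\necho checkup\n")
            os.chmod(d / HELPER, 0o755)
        os.chdir(other)  # the caller, not the script, picks the working directory
        try:
            weak = resolve_relative()
            # current uid stands in for root so the demo runs unprivileged
            strong = resolve_pinned(install, trusted_uid=os.getuid())
            os.chmod(install / HELPER, 0o777)  # simulate a loosened deployment
            try:
                resolve_pinned(install, trusted_uid=os.getuid())
                rejected = False
            except PermissionError:
                rejected = True
        finally:
            os.chdir(old_cwd)
        return weak.parent == other, strong.parent == install, rejected
```

`demo()` returns three booleans: the relative lookup followed the working directory, the pinned lookup stayed in the install directory, and the world-writable helper was refused.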
Skills Required
Web Enumeration
Linux Fundamentals
Python Basics
------------------
Skills Learned
Command Injection
Source-code Analysis
Docker Basics
------------------
Tools
- manual enumeration
- CVE
------------------
Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: tryhackme.com/p/NoxLumens
Hackthebox: app.hackthebox.com/profile/17...
Twitch: / noxlumens - Science and Technology
What tool do you use for screenshot bro?
It's called 'flameshot' but there are alternatives to it like 'lightshot' if you prefer that. I like flameshot though. There's also one called 'greenshot' or something like that.
@noxlumens thanks for reply