1/12/2024 0 Comments For ios instal Seal of EvilSandworm offers the website for a secret intelligence agency. Htb-sandworm ctf hackthebox nmap ubuntu gpg pgp feroxbuster python flask ssti crypto firejail httpie cargo rust source-code cve-2022-31214 I’ll abuse a vulnerability in binwalk to get execution as root. When there’s a file, it runs binwalk on the file to look for executables. There’s a script run by root that’s monitor file uploads using inotifywait. That database gives a plaintext password that works for SSH. I’ll use that to enumerate the host and pull the SQLite database. ![]() I’ll find an exposed Git repo on the site, and use it to see it’s using a version of Image Magick to do the image reduction that has a file read vulnerability. Pilgrimage starts with a website that reduces image size. ![]() Htb-pilgrimage ctf hackthebox nmap debian git gitdumper feroxbuster cve-2022-44268 image-magick pngcrush sqlite inotifywait binwalk cve-2022-4510 file-read
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |