Format hosts a primitive opensource microblogging site. I’ll abuse post creation to get arbitrary read and write on the host, and use that along with a proxy_pass bug to poison Redis, giving my account “pro” status. With the upgraded status, I can access a writable directory that I can drop a webshell into and get a foothold on the box. To pivot to the user, I’ll get shared credentials out of the Redis database. To get to root, I’ll exploit a template injection in a Python script to leak the secret.

Htb-format hackthebox ctf nmap ffuf subdomain debian feroxbuster gitea source-code php file-read file-write webshell burp burp-repeater nginx redis proxy-pass password-reuse python ssti wfuzz