Blog
About
Tags
Hack the Box
Apr 29, 23
Hack the Box - Topology
Apr 29, 23
Hack the Box - Sau
Apr 29, 23
Hack the Box - Sandworm
Apr 29, 23
Hack the Box - Pilgrimage
Apr 29, 23
Hack the Box - PC
Apr 29, 23
Hack the Box - Meta 2
MetaTwo is an easy Linux machine that features a website running Wordpress, which is using a plugin vulnerable to unauthenticated SQL injection (CVE-2022-0739). It can be exploited to reveal the password hash of the Wordpress users which can be cracked to obtain the password for the Wordpress user manager. The Wordpress version in use is vulnerable to an XXE Vulnerability in the Media Library (CVE-2021-29447), which can be exploited to obtain credentials for the FTP server. A file on the FTP server reveals the SSH credentials for user jnelson. For privilege escalation, the passpie utility on the remote host can be exploited to obtain the password for the root user.
««
«
1
2
3
4
5
»
»»
Follow me
I hack things and tweet about things...
Search
Results
No results found
Try adjusting your search query