Blog
About
Tags
Linux
Apr 29, 23
Hack the Box - Keeper
Apr 29, 23
Hack the Box - Busqueda
Jan 14, 23
Hack the Box - Shoppy
Nov 26, 22
Hack the Box - RedPanda
RedPanda is an easy Linux machine that features a website with a search engine made using the Java Spring Boot framework. This search engine is vulnerable to Server-Side Template Injection and can be exploited to gain a shell on the box as user woodenk. Enumerating the processes running on the system reveals a Java program that is being run as a cron job as user root. Upon reviewing the source code of this program, we can determine that it is vulnerable to XXE. Elevation of privileges is achieved by exploiting the XXE vulnerability in the cron job to obtain the SSH private key for the root user. We can then log in as user root over SSH and obtain the root flag.
Oct 7, 22
Hack the Box - OpenSource
Feb 5, 22
Hack the Box - Horizontall
««
«
1
2
3
4
5
»
»»
Follow me
I hack things and tweet about things...
Search
Results
No results found
Try adjusting your search query