Blog
About
Tags
RCE
Sep 2, 23
Hack the Box - monitorstwo
Aug 3, 23
Hack the Box - Agile
Welcome back! Today we’re going to do the same thing we do every day, Hack the Box! Today’s machine is Agile. This machine is listed as a medium Linux machine. Let’s go!
Apr 29, 23
Hack the Box - Topology
Apr 29, 23
Hack the Box - Pilgrimage
Apr 29, 23
Hack the Box - PC
Apr 29, 23
Hack the Box - Meta 2
MetaTwo is an easy Linux machine that features a website running Wordpress, which is using a plugin vulnerable to unauthenticated SQL injection (CVE-2022-0739). It can be exploited to reveal the password hash of the Wordpress users which can be cracked to obtain the password for the Wordpress user manager. The Wordpress version in use is vulnerable to an XXE Vulnerability in the Media Library (CVE-2021-29447), which can be exploited to obtain credentials for the FTP server. A file on the FTP server reveals the SSH credentials for user jnelson. For privilege escalation, the passpie utility on the remote host can be exploited to obtain the password for the root user.
««
«
1
2
»
»»
Follow me
I hack things and tweet about things...
Search
Results
No results found
Try adjusting your search query