Blog
About
Tags
RCE
Apr 29, 23
Hack the Box - Meta 2
MetaTwo is an easy Linux machine that features a website running Wordpress, which is using a plugin vulnerable to unauthenticated SQL injection (CVE-2022-0739). It can be exploited to reveal the password hash of the Wordpress users which can be cracked to obtain the password for the Wordpress user manager. The Wordpress version in use is vulnerable to an XXE Vulnerability in the Media Library (CVE-2021-29447), which can be exploited to obtain credentials for the FTP server. A file on the FTP server reveals the SSH credentials for user jnelson. For privilege escalation, the passpie utility on the remote host can be exploited to obtain the password for the root user.
Apr 11, 20
Hack the Box - Traverxec
Feb 22, 20
Hack the Box - Zetta
Dec 7, 19
Hack the Box - Wall
Sep 21, 19
Hack The Box - Kryptos
««
«
1
2
»
»»
Follow me
I hack things and tweet about things...
Search
Results
No results found
Try adjusting your search query