Clojure SSTI

In the 0xL4ugh CTF 2024, there was a web challenge built with Clojure, a peculiar programming language for web development. My team solved the challenge, but information on the web is almost nonexistent. In today’s blog post, I will explain my thought process and show how we solved the challenge.

December 28, 2024 · 6 min

Jund Creativity Primer

Jund Creativity Primer by alemilan19

August 9, 2024 · 8 min

Magic drafts - Tips and Tricks

August 9, 2024 · 2 min

Headless - HackTheBox

Headless is an easy HackTheBox machine that is vulnerable to XSS in a contact form. Using that vulnerability, we can grab a cookie and gain admin access to the web app. Following that, we detect a command injection which allows the foothold into the machine. Inside the machine, we gain root by exploiting a script containing a path hijack vulnerability.

April 1, 2024 · 4 min

Analytics - HackTheBox

Analytics is an easy HackTheBox machine that explores a vulnerability in a service called Metabase. After gaining a foothold in a Docker container, we get credentials used for both the database and SSH. Inside the machine, we use a vulnerability in a service called overlayfs to get root.

March 29, 2024 · 3 min