Posts

Breach Umbrella Corp’s time-tracking server by exploiting misconfigurations around containerization. Link - https://tryhackme.com/room/umbrella

Userland rootkit in linux

Gitlab CVE_2023_7028 vulnerability has the ability to allow unauthorized users to take over user accounts, without any interaction from the victim. The vulnerability was found by asterion04 and was assigned the severity Critical.

Topology is a hackthebox machine that has a website showing information about a topology group. The group have a project which is a latex equation generation. The subdomain that is running the project accepts latex equations as inputs and generates a png image of that equation. However the project is vulnerable to latex injection and we can read files. One of those files, .htpassword, contains credentials that give access to a ssh session in the machine. To elevate privileges we used a binary called pspy64 to look at processes without root privileges. We are able to look at a command executed by root that can be used to gain root privileges and this way we get root access.

Pilgrimage is a hackthebox machine that has a website to shrink images. Running gobuster we found a git repository and we extract all the code used in the website. Inside the retrieved repository we have a binary called magick that is used to shrink images, however it has a vulnerable version. The version in question has a Local File Inclusion vulnerability that allows the attackers to read files. After reading a sqlite database file we get ssh credentials. Inside the system we found a script that analyses the files submitted in the website for malware. However the script use a vulnerable version of binwalk which gives us a shell as root.