Academy — Privilege Escalation & Exploitation Walkthrough (TCM Security)
Linux machine compromise via FTP anonymous access and web CMS exploitation, followed by privilege escalation through cron misconfiguration leading to root access.
Read more →
CodePartTwo
linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachineCompromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag.
Read more →
Nibbles Machine (HackTheBox) — Step-by-Step Walkthrough
linuxhacktheboxeasyfile-uploadreverse-shellmetasploitsudo-exploitationprivilege-escalationweb-exploitationCompromise of a Linux HackTheBox machine running Nibbleblog 4.0.3, exploited through default credentials and an authenticated file upload vulnerability to gain a reverse shell, followed by privilege escalation by abusing a world-writable sudo script.
Read more →
Dog Machine (HackTheBox) — Step-by-Step Walkthrough
linuxhacktheboxeasygit-dumpercve-2022-42092file-uploadreverse-shellcredential-reusesudo-exploitationprivilege-escalationCompromise of a Linux HackTheBox machine by dumping an exposed Git repository to extract database credentials, logging into Backdrop CMS as admin, exploiting an authenticated unrestricted file upload vulnerability (CVE-2022-42092) for RCE, and escalating privileges via a sudo misconfiguration on the bee CLI tool.
Read more →