RainyDay is a different kind of machine from HackTheBox. It’s got a lot of enumerating and fuzzing to find next steps and a fair amount of programming required to solve. I’ll start by exploiting an IDOR vulnerability to leak hashes, cracking one and getting access to a website that manages containers. From inside a container, I can reach a dev instance and an API that effectively lets me apply a given regex to a file on the filesystem, which I’ll turn into a file read exploit with some Python scripting. From there I can leak the Flask secret key and get into another user’s account, where I’ll find a misconfiguration that allows me to escape the container’s jail and read the user’s private SSH key. From the host, I’ll first exploit Python itself to get execution as the next user. Then I’ll abuse Unicode characters to slip more characters than allowed into a hashing program, and use that to brute force a secret salt, allowing me to crack the root hash. In Beyond Root, I’ll look at a mistake that allowed for skipping a large part of this box.
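The Unicode trick in the root step comes down to a length check counted in characters while the hash consumes bytes. The following is an added illustration, not the box’s program or anything from the original writeup: the limit, the salt and the inputs are constructed assumptions, and it shows the mismatch beside the check a defender should use instead.

```python
import hashlib
from typing import Callable, Optional

MAX_LEN = 8  # assumed limit; the real program's value is not given on the page
SALT = b"constructed-salt"  # placeholder, not the box's secret


def char_count_check(user_input: str) -> bool:
    """Naive validator: counts code points, which is not what the hash sees."""
    return len(user_input) <= MAX_LEN


def byte_count_check(user_input: str) -> bool:
    """Hardened validator: counts the UTF-8 bytes the hash will actually consume."""
    return len(user_input.encode("utf-8")) <= MAX_LEN


def bytes_consumed(user_input: str) -> int:
    """How many bytes of attacker-controlled data reach the hash function."""
    return len(user_input.encode("utf-8"))


def validate_and_hash(check: Callable[[str], bool], user_input: str) -> Optional[str]:
    """Run the validator, then hash salt + input only if it passed."""
    if not check(user_input):
        return None
    return hashlib.sha256(SALT + user_input.encode("utf-8")).hexdigest()


# Constructed inputs: same character count, very different byte counts.
ASCII_INPUT = "abcdefgh"  # 8 characters, 8 bytes
EMOJI_INPUT = "\U0001F600" * 8  # 8 characters, 32 bytes (4 bytes each in UTF-8)

if __name__ == "__main__":
    for label, inp in (("ascii", ASCII_INPUT), ("emoji", EMOJI_INPUT)):
        print(label, bytes_consumed(inp),
              "naive:", validate_and_hash(char_count_check, inp) is not None,
              "hardened:", validate_and_hash(byte_count_check, inp) is not None)
```

The naive check lets four times the intended data through for the emoji input; the hardened check measures the same unit the hash does and rejects it.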