Junior Penetration Tester (eJPT) Cheatsheet

Introduction: Anyone in the information security or penetration testing field knows how deep a topic, or even a certificate, may go, and as we progress deeper into the field, it gets harder to keep track of the knowledge gained. For me personally, notes, cheatsheets, and mind maps are the best way to keep track of things. As far as studies go, the eLearnSecurity Junior Penetration Tester (eJPT) is an entry-level, beginner-friendly, and great starting point to get some fundamentals of networking, programming, and penetration testing; all for an affordable price....

January 25, 2022 · 13 min · jincx

HackTheBox - Popcorn

This box was classified as a medium box by ch4p on HackTheBox. It is also categorized as an OSCP-style box on TJNull's list. While enumerating port 80, we find an instance of TorrentHoster where we get to upload an image and bypass its filtering to get our initial foothold. For privilege escalation, we leverage CVE-2010-0832 to get root. OS: Linux · Difficulty: Medium · IP Address: 10.10.10.6 · Status: Retired. Phase 1 - Enumeration. Nmap: As usual, we start off with an Nmap scan to identify open ports:...

November 10, 2021 · 5 min · jincx

HackTheBox - Ophiuchi

This was classified as a medium-difficulty box by felamos from HackTheBox. Our foothold into this box starts on its webpage on port 8080, where we will find an "Online YAML Parser" which is vulnerable to a SnakeYaml deserialization attack: we can upload a YAML payload from the web application and the server side will parse it using the SnakeYaml library. So, we'll let it "parse" a Java payload to get remote code execution and gain our foothold....

November 6, 2021 · 7 min · jincx

HackTheBox - Knife

This was classified as an easy-difficulty machine by MrKN16H7 on HackTheBox. It has a webpage on port 80 running a development version of PHP which is vulnerable to remote code execution. We will analyze the vulnerability and then use a script by Richard Jones on PacketStorm to gain our foothold on the box. Finally, our privilege escalation vector will be a binary named knife, which is a command-line tool to manage the infrastructure automation tool called Chef....

November 5, 2021 · 3 min · jincx

HackTheBox - Shocker

This was classified as an easy machine by mrb3n on HackTheBox. We will find a webpage on port 80 with an image; running a directory brute force on it with a trailing slash, we will find a user.sh. We will intercept this request, find out that it is vulnerable to ShellShock (CVE-2014-6271), and gain a foothold on the box. To escalate privileges, we will find that the user can run Perl as root, then we will run Perl to execute Bash....

November 3, 2021 · 3 min · jincx