To escalate to root, I’ll abuse fail2ban. I’ll show how to use that LFI to get execution via mail poisoning, log poisoning, and just reading an SSH key. That file read leads to another subdomain, which has a file include. There’s an SQL injection that allows bypassing the authentication, and reading files from the system.
Trick starts with some enumeration to find a virtual host. Htb-trick ctf hackthebox nmap smtp smtp-user-enum zone-transfer vhosts wfuzz feroxbuster employee-management-system sqli sqli-bypass cve-2022-28468 boolean-based-sqli sqlmap file-read lfi directory-traversal mail-poisoning log-poisoning burp burp-repeater fail2ban htb-admirertoo
0 kommentar(er)
