Enumeration
Zenmap:
Gaining access www-data
Kiểm tra với burpsuite:
Kiểm tra api/v1:
Tôi thấy /api/v1/admin/settings/update được mô tả là Update user settings:
Update thành công user của tôi thành admin.
Tôi biết mình đã trèn được thành công code. Thực hiện trèn revershell và tôi nhận được shell ban đầu:
Với api: /api/v1/admin/vpn/generate
Nếu api generate vpn này gọi một trương trình bên ngoài để tạo vpn. Tôi có thể trèn mã như sau:
Gaining access admin
Đọc file .env:
PS D:\thehackbox\Machines\TwoMillion> ssh admin@2million.htb
admin@2million.htb's password:
admin@2million:~$ id
uid=1000(admin) gid=1000(admin) groups=1000(admin)
admin@2million:~$ ls
user.txtPrivilege escalation
Upload và thực hiện khai thác:
Trên terminal thứ 2:
Dear HackTheBox Community,
We are thrilled to announce a momentous milestone in our journey together. With immense joy and gratitude, we celebrate the achievement of reaching 2 million remarkable users! This incredible feat would not have been possible without each and every one of you.
From the very beginning, HackTheBox has been built upon the belief that knowledge sharing, collaboration, and hands-on experience are fundamental to personal and professional growth. Together, we have fostered an environment where innovation thrives and skills are honed. Each challenge completed, each machine conquered, and every skill learned has contributed to the collective intelligence that fuels this vibrant community.
To each and every member of the HackTheBox community, thank you for being a part of this incredible journey. Your contributions have shaped the very fabric of our platform and inspired us to continually innovate and evolve. We are immensely proud of what we have accomplished together, and we eagerly anticipate the countless milestones yet to come.
Here's to the next chapter, where we will continue to push the boundaries of cybersecurity, inspire the next generation of ethical hackers, and create a world where knowledge is accessible to all.
With deepest gratitude,
The HackTheBox Team