🐧
Jackmeister
  • Welcome
  • Misc
    • Resources
    • Cybersecurity Terms You MUST KNOW
  • PG Play
    • Amaterasu
  • Hack The Box
    • Linux
      • Bashed
      • Beep
      • Sau
      • Trick
      • Knife
      • Love
      • Spectra
      • TheNotebook
      • Previse
      • Ophiuchi
      • Shocker
      • Bank
      • Keeper
      • Help
      • Cronos
      • Lame
    • Active Directory
      • Active
      • Forest
      • Timelapse
      • Sauna
    • HTB Register Form
  • TryHackMe
    • Red
    • Year of the Jellyfish
    • S1mple0nly b2r
    • Hermoso
    • This is so easy
    • Altair Network
    • road.thm
  • Platforms
    • Websites and Platforms
  • Tools
    • Hacking Tools
  • B2R template
Powered by GitBook
On this page
  1. Hack The Box
  2. Linux

Previse

PreviousTheNotebookNextOphiuchi

Last updated 2 years ago

Previse

Thursday, 25 November, 2021 9:40 PM

Maybe there is other php files ?

Forward the request until the response appear

Then change 302 to 200 and forward it

Then , on browser we will see the the adding user page

We might ask server for shell >:D

Forward it and we get a shell !

Command has no absolute path !

System will find "gzip" executable using the environment which by default is at usr/bin ":" means or

We can change the environment to export PATH=/dev/shm:$PATH so that

The system will start search at /dev/shm for our created "gzip" executable and run it

Get the response at burp

https://

www.hackthebox.com/achievement/machine/336799/373