Introduction
This is my second walkthrough for an HTB machine.
While it is rated as "medium", I believe that I have truly learnt a lot from this box as well as gained a deeper understanding of binary exploitation and Local File Inclusion (LFI).
Thoughts
Overall, a tough and interesting machine. It requires a combination of knowledge from multiple domains, spanning from web to binary exploitation, and even an interesting privilege escalation vector!
Overview
This machine was rooted in about 12 hours. As always, I am grateful for the helpful and subtle hints available in the HackTheBox official forum. Here's a breakdown of the chain of events:
- Nmap scans to discover open ports and services
- Enumerating the discovered web service
- Finding hidden HTML pages via fuzzing
- Exploiting Local File Inclusion (LFI) to reveal source code
- Discovering internal running services (binaries)
- Planning and writing an exploit to pwn the binary
- Using soft links to gain arbitrary file read access and escalate to the dev user
- Discovering binfmt_misc and learning about its misconfiguration
- Exploiting binfmt_misc to gain root!