This is my second walkthrough for an HTB machine.
While it is rated as "medium", I believe that I have truly learnt a lot from this box as well as gained a deeper understanding of binary exploitation and Local File Inclusion (LFI).
Overall a tough and interesting machine. It requires a combination of knowledge from multiple domains, spanning from web to binary exploitation, and even includes an interesting privilege escalation vector!
This machine was rooted in about 12 hours. As always, I am grateful for the helpful and subtle hints available in the HackTheBox official forum. Here's a breakdown of the chain of events:
- Nmap scans to discover open ports and services
- Enumerating the discovered web service
- Finding hidden HTML pages via fuzzing
- Exploiting Local File Inclusion (LFI) to reveal source code
- Discovering internal running services (binaries)
- Planning and writing an exploit to pwn the binary
- Using soft links to gain arbitrary file read access and escalate to the dev user
- Discovering binfmt_misc and learning about its misconfiguration
- Exploiting binfmt_misc to gain root!