
Pilgrimage


Hack The Box. Linux. Easy machine. This machine hosts a website that exposes a Git repository. We can extract the PHP source of the web application and find that it uses ImageMagick under the hood to process uploaded images. The installed version of ImageMagick has a local file read vulnerability, which can be used to read a SQLite database file and find a plaintext password for emily that is also used for SSH. After that, we find that root executes a Bash script that uses binwalk to remove malware from uploaded image files. The version of binwalk is vulnerable to Remote Code Execution, which leads to privilege escalation.