Sandworm


Hack The Box. Linux. Medium machine. This machine has a website that allows users to encrypt, decrypt and verify signatures using PGP. The website is vulnerable to SSTI in Flask, which is the way to access the machine as atlas. This environment is restricted by firejail, but we are able to find a plaintext password to log in as silentobserver over SSH. As this user, we are able to modify a Rust project that is used in another Rust project that runs periodically as atlas. With this, we can get access as atlas again, this time outside firejail. Finally, since firejail is a SUID binary, we can use a public exploit to become root.