<- HTB

Static


27 minutes to read

Static
Hack The Box. Linux. Hard machine. This machine contains a website that exposes a corrupted Gzip file that must be patched to get a TOTP key and download a VPN file. Then there are some PHP vulnerable services that can be compromised and get to an internal server that contains a binary executable file having a Format String vulnerability. Deep knowledge about pivoting and port forwarding techniques, network enumeration and PHP exploitation, as well as Format String exploitation are needed to compromise this machine. This writeup uses a custom Ruby script to automate the process of downloading the VPN file, a Python script gain RCE over a PHP web server and another Python script to exploit a binary using Format String