
UpDown



Hack The Box. Linux. Medium machine. This machine has a website with a development directory and an exposed Git repository. Using the repository, we can find functionality that is hidden from everyone except developers and can be abused to get RCE after planning the attack and bypassing disable_functions in PHP. On the machine, there's a SUID binary compiled from a Python script, which can be abused with a library hijacking attack. Finally, the developer user is able to run easy_install with sudo, which leads to privilege escalation.