Newsletter 24/01/2023
This machine has a website with a development directory that exposes a Git repository. Using this, we can find some functionality that is hidden from everyone except developers and can be abused to get RCE after planning the attack and bypassing disable_functions in PHP. On the machine, there's a SUID binary compiled from a Python script, which can be abused with a library hijacking attack. Finally, the developer user is able to run easy_install with sudo, which leads to privilege escalation.
Python. Third-party dependencies. Code Injection. RCE
Greatest Common Divisor. Modular arithmetic. PKCS7 padding
Traffic analysis. ElGamal. Modular arithmetic
Block cipher. Known plaintext attack. Induction. SHA256
SSRF. Path Traversal. Gopher protocol. Redis RCE
64-bit binary. Format String vulnerability. Local variable modification
64-bit binary. Buffer Overflow. Redirecting program execution
AES ECB oracle