Skip to content

TrackHackers/CyberMonday-HTB

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Decrypt-Laravel-Cookie.py
Decrypt-Laravel-Cookie.py
 
 
README.md
README.md
 
 
SSRF-to-RCE.py
SSRF-to-RCE.py
 
 
Writeup.pdf
Writeup.pdf
 
 

Repository files navigation

CyberMonday - HackTheBox

Dificulty: Hard OS: Linux

Summary:

  1. paramater tampering to become admin
  2. discovering new subdomain
  3. jwt tampering to elevate permissions on API
  4. discovering SSRF
  5. SSRF to RCE via laravel tokens
  6. network recon inside docker
  7. dumping dockers using Docker Registry API
  8. exploiting LFI in undocumented API endpoint
  9. find password in log file for user john ==> user
  1. sudo perms on python script
  2. bypass network restricions
  3. bypass volume restricions
  4. bypass read only flag ==> root

About

Repository for Cybermonday on HackTheBox

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages