pspy – A Cyber Journey

Late – HackTheBox

Late was an easy machine that required enumerating a subdomain to discover a Flask application used to OCR images. The application was vulnerable to Server Side Template Injection which allowed for remote code execution. This led to ssh access where it was discovered that a script run by root was in a writeable location from…

Captain Nemo

July 30, 2022

HackTheBox

cronjobs, HackTheBox, pspy, SSTI

Curling – HackTheBox

Curling is an easy machine that required directory busting a web page to find a secret key to access a Joomla CMS admin panel. This allowed for code execution which led to our initial shell. From there we moved laterally by finding a hex dump, decoding it, and discovering a password. To achieve root access,…

Captain Nemo

July 21, 2022

HackTheBox

cronjobs, curl, Gobuster, HackTheBox, joomla, Privilege Escalation, pspy, xxd

Bashed – HackTheBox

Scanning I started as always with an nmap scan. Enumeration Just port 80 open so let’s check that out. The dev folder looks promising. Wow, a phpbash webshell. That’s handy. Foothold – Shell as www-data Awesome, I should be able to get a reverse shell from this. It took a bit of tinkering with payloads…

Captain Nemo

March 18, 2022

HackTheBox

HackTheBox, pspy, python, sudo

Tag: pspy

Late – HackTheBox

Curling – HackTheBox

Bashed – HackTheBox