Welcome to another Hack the Box exercise. In this walkthrough, I have documented how I pwned the Puppy machine on Hack the Box. Hack The Box is a cybersecurity platform that helps you bridge knowledge gaps and prepares you for cyber security jobs. You can also test and grow your penetration testing skills, from gathering information to reporting. If you are new to this blog, please do not forget to like, comment and subscribe to my YouTube channel (https://www.youtube.com/@BoltechTechnologies1) and follow me on LinkedIn (https://www.linkedin.com/in/isiaq-ibrahim-468588156/) for more updates.
About the Machine
Puppy is an easy-difficulty Linux machine that showcases a Remote Code Execution (RCE) vulnerability in the `pymatgen` (CVE-2024-23346) Python library by uploading a malicious `CIF` file to the hosted `CIF Analyzer` website on the target. After discovering and cracking hashes, we authenticate to the target via SSH as `rosa` user. For privilege escalation, we exploit a Path Traversal vulnerability that leads to an Arbitrary File Read in a Python library called `AioHTTP` (CVE-2024-23334) which is used on the web application running internally to read the root flag.
I will add this post in a few minutes....Keep refreshing
0 Comments