Tag: Arbitrary-File-Upload | Yw4rf

2024-12-02

Oopsie - IDOR, Arbitrary File Upload, and SUID Path Hijacking

Technical writeup detailing the compromise of the Oopsie machine. Initial access involves exploiting an IDOR vulnerability to enumerate credentials, followed by cookie manipulation to gain access to an arbitrary file upload function for a PHP reverse shell. Privilege escalation is achieved by finding plaintext database credentials for SSH access, and finally, exploiting the SUID binary '/usr/bin/bugtracker' using a PATH hijacking technique to execute a root shell.

HackTheBox Web-Exploitation IDOR Insecure-Direct-Object-Reference Cookie-Manipulation Arbitrary-File-Upload Reverse-Shell SUID-Privilege-Escalation Path-Hijacking PHP Linux-Exploitation
2024-11-21

Three - S3 Bucket Misconfiguration and Remote Code Execution via AWS CLI

Technical writeup detailing the compromise of the Three machine. The methodology involves identifying an exposed subdomain (s3.thetoppers.htb) pointing to an AWS S3 bucket. Exploitation is achieved by leveraging a misconfigured access policy via the AWS CLI to perform an arbitrary file upload of a PHP webshell. Remote Code Execution (RCE) is then established using the webshell, leading to full system access as the www-data user.

HackTheBox AWS S3-Bucket-Exploitation AWS-CLI Arbitrary-File-Upload Reverse-Shell PHP-Webshell Subdomain-Enumeration Linux-Exploitation