Bounty
A medium Windows box from HackTheBox, get initial access by bypassing a upload filter and uploading a web shell, then escalate privileges by running a kernel exploit.
Bounty
A medium Windows box from HackTheBox, get initial access by bypassing a upload filter and uploading a web shell, then escalate privileges by running a kernel exploit.
Bounty
A medium Windows box from HackTheBox, get initial access by bypassing a upload filter and uploading a web shell, then escalate privileges by running a kernel exploit.
TartarSauce
A medium Linux box from HackTheBox, get initial access through a vulnerable wordpress plugin, then get privesc to a full user through tar, and then find a backup script that unzips a file as root, allowing you to privesc to root by unzipping a malicious archive with a custom root-owned SUID executable.
TartarSauce
A medium Linux box from HackTheBox, get initial access through a vulnerable wordpress plugin, then get privesc to a full user through tar, and then find a backup script that unzips a file as root, allowing you to privesc to root by unzipping a malicious archive with a custom root-owned SUID executable.