

This box is a part of TJnull's list of boxes. I can get privilege with Python, so I searched for a Python privilege command on the internet. php page presents an interesting BI/Analytics page, shown below: Poking around a bit, there seemed to be a number of potential attack paths, such as attempting command injection via an imported JS or CSV file with the import local file function, or potentially trying SQL or NoSQL injection (thinking the host might have a MongoDB backend) in the main index.


Hackthebox Heist Walkthrough-Further Reading.
