Arbitrary File Read

November 25, 2023

Pilgrimage – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Arbitrary File Read, code review, exiftool, ffuf, Git, git-dumper, HackTheBox, Hex, HTB, Image Magick, Infosec, LFI, LinPeas, Linux Box, Rust, Source Code Review, Writeup 0

Machine Name: Pilgrimage
IP: 10.10.11.219
Difficulty: Easy

Summary

Pilgrimage is an easy machine which starts with identifying the ImageMagick tool that the target web application uses to shrink images. The tool is vulnerable to Arbitrary File Reads which enable us to fetch the credentials from a database file. These credentials were used to SSH and gain a user shell. The privilege escalation consists of exploiting Binwalk that runs inside a cron script.