CVE-2021-3156 » THOVITI SIDDHARTH

June 6, 2022

RouterSpace – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Android, CVE-2021-3156, HackTheBox, HTB, htb-routerspace, LinPeas, Linux Box, Node, sudo 0

Machine Name: RouterSpace
IP: 10.10.11.148
Difficulty: Easy

Summary

An APK file is to be inspected to understand a feature’s inner workings. To get the user shell, the traffic was to be redirected to burp, and an RCE vulnerability through injection is to be exploited. To escalate privileges, simple enumeration leads us to a exploit POC that gives a root shell.