CVE-2023-22809 » THOVITI SIDDHARTH

August 5, 2023

Agile – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Chromium, CVE-2023-22809, Flask, HackTheBox, HTB, Infosec, Lateral Movement, LFI, Linux Box, MySQL, Port Forwarding, pspy, Remote Debugging Port, Stealing Cookies, Sudo 1.9.9, sudoedit, Werkzeug 0

Machine Name: Agile
IP: 10.10.11.203
Difficulty: Medium

Summary

Agile is a medium machine that starts with discovering a LFI which was leveraged to gain information required to crack the Werkzeug pin. The werkzeug pin allowed console access which allowed us to gain a shell as www-data. A config file revealed MySQL database credentials. The credentials for user corum were found which were used to SSH into the box. Enumerating further, it was found that chrome was running a remote-debugging-port at 41829 which was port forwarded to attacker machine which allowed us access to an existing session of the application. The credentials for user edwards was found here and were used to SSH into the box. Privilege escalation to root involved exploiting the sudo version 1.9.9 which was used to execute a writeable script running as root.