Stocker – HackTheBox Writeup

Machine Name: Stocker
Difficulty: Easy


Stocker is an easy machine which starts with a subdomain enumeration, and leads to NoSQL injection to bypass a login page. Then, it challenges us to understand the flow of API calls that generate a PDF, which can be exploited to read local files on the server using a Server Side XSS exploit. We find credentials of a user by exploiting the Server Side XSS to read the source code of the application. The privilege escalation involves abusing sudo rights that allow the user to run javascript files as root.

Read More