Relative Path Hijacking » THOVITI SIDDHARTH

August 13, 2023

Busqueda – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Code Injection, Docker, eval(), Gitea, HackTheBox, HTB, Infosec, Injection, Linux Box, MySQL, Path Hijacking, Privilege Escalation, Relative Path Hijacking, Searchor, sudo, Writeup 0

Machine Name: Busqueda
IP: 10.10.11.208
Difficulty: Easy

Summary

Busqueda is an easy machine that challenges you to read code, find the vulnerability, and craft syntactically correct payloads that suit the code when injected. The privilege escalation is straight forward and explores relative path hijacking through SUID scripts to get root.