socket » THOVITI SIDDHARTH

socket

September 30, 2023

Format – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec code review, Format String Vulnerability, Gitea, HackTheBox, HTB, LFI, LinPeas, Linux Box, Nginx Reverse Proxy Misconfiguration, redis, socket, Source Code Review, sudo -l 0

Machine Name: Format
IP: 10.10.11.213
Difficulty: Medium

Summary

Format is a medium machine that starts with discovering two ports that run Gitea and a Microblog respectively. First, an LFI is discovered on the Microblog after reviewing the source code. Further analysing the source code, one could bypass the mechanism to become Pro user and upload image files. One of the parameters that causes LFI creates a new if it doesn’t already exist. This allowed writing a PHP shell through which a shell was obtained as www-data. A redis server running on a socket was discovered and used to obtain credentials for the user “cooper”. Privilege escalation involved exploiting a python format string vulnerability for a script that could be run using sudo.