Spring Cloud » THOVITI SIDDHARTH

Spring Cloud

July 8, 2023

Inject- HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec Ansible Playbook, Curl, CVE-2022-22963, HackTheBox, HTB, Infosec, LFI, LinPeas, Linux Box, pspy, Spring Cloud, Spring Framework, SpringBoot 0

Machine Name: Inject
IP: 10.10.11.204
Difficulty: Easy

Summary

Inject is an easy machine which starts with exploiting an LFI to gain information on the application being built on Spring Framework. Through the LFI, we discover one of the configuration files which reveals that the framework version is vulnerable to RCE. The RCE in Spring Cloud is exploited to gain a shell as user Frank. However, only user Phil can read the user flag. The credentials of Phil were found in another configuration file which was used to switch user to Phil. Privilege Escalation consisted of checking for cronjobs and looking for vulnerabilities in the jobs running as root. Ansible was being run on all the “.yml” files, which was exploited to gain access as root.