Socket – HackTheBox Writeup

Machine Name: Socket
IP: 10.10.11.206
Difficulty: Medium

Summary

Socket is a medium machine that starts with decompiling an executable to obtain its Python source code. The source code reveals how to communicate with the hosted WebSocket server. The WebSocket server is vulnerable to SQL injection (SQLi), which is leveraged to obtain password hashes for the user. The privilege escalation involves exploiting a script that the user can run as root. This script uses PyInstaller to build files. A Python file that sets the SUID bit was executed using this script to gain root privileges.
