🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- Pay careful attention to the server name and version. What technology runs this web server?
- You should test any user input points for any kind of injections (not just SQLi)
- What characters seem to make the server mad? Any way to bypass and get the server to parse these forbidden characters?
- Google the server technology and what kind of injection vulnerability you might be dealing with.
Privilege Escalation Hint:
- Look around for some interesting files that might tell you more about possible credentials and how the credentials are generated
- You should find the pattern of username and password generation, but this also is going to require you to create a password mask
- Since you don't know the exact number of characters, incrementally increase the mask character size until the hash is cracked. Too large, and cracking is going to take forever.
- You should be able to switch user, what permissions does this user have?