🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- Are there any particular input points or buttons on the web page that you can test user input or tamper with URL query parameters?
- Look at particular words in the URL query parameters and if you're not sure what they are, ask Google how they can be abused
Privilege Escalation Hint:
- Any interesting files on the file system?
- What privileges does your new user session have?
- You might need to use a
meterpreter
shell to finish the job