🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- Look at all of the places on the web site that accept user input
- What are some common vulnerabilities to test for in input points?
- What characters make the server angry? And based on these characters, what kind of injection do you think you've found?
- What tool might help you automate further probing of this input point?
Privilege Escalation Hint:
- What users are present on the system?
- The box is named Usage, so something is being "monitored"
- What service is running on the box that might help with this?
- Did you find any interesting files pertaining to this service?
- Is any of the information in this file reused elsewhere?