Clicker has a website that presents a game that is a silly version of Universal Paperclips. I’ll find an mass assignment vulnerability that allows me to change my role to admin after bypassing a filter two different ways (newline injection and SQLI). Then I’ll exploit a file write vulnerability to get a webshell and execution on the box. To escalate, I’ll find a SetUID binary for the next user and abuse it to read their SSH key. To get root, I’ll exploit a script the user can run with sudo, showing three different ways (playing with Perl environment variables, setting myself as the proxy and adding an XXE attack, and abusing LD_PRELOAD).

0xdf hacks stuff

This post discusses the exploitation of vulnerabilities in the HTB: Clicker box, including mass assignment vulnerability, XXE vulnerability, and abuse of environment variables. The post provides a step-by-step walkthrough to gain access to the box as well as escalate privileges to become the root user.