CodeTwo is a Linux box hosting a developer sandbox where users can execute JavaScript code. The site uses js2py, which I’ll exploit via CVE-2024-28397 to escape the sandbox and get remote code execution. From there, I’ll find MD5 password hashes in the SQLite database and crack one to pivot to marco. Marco can run npbackup-cli with sudo, and I’ll abuse this to read files from root’s backup, including the SSH private key, which I’ll use to get a shell as root.

0xdf hacks stuff

A walkthrough of exploiting a Linux machine running a JavaScript sandbox application. The attack chain involves exploiting CVE-2024-28397 in js2py to escape the sandbox and achieve remote code execution, cracking MD5 password hashes from a SQLite database to pivot to another user, and finally abusing sudo privileges on npbackup-cli to read root's backup files including SSH keys for full system compromise.

HTB: CodeTwo