Drive has a website that provides cloud storage. I’ll abuse an IDOR vulnerability to get access to the administrator’s files and leak some creds providing SSH access. From there I’ll access a Gitea instance and use the creds to get access to a backup script and the password for site backups. In these backups, I’ll find hashes for another use and crack them to get their password. For root, there’s a command line client binary that has a buffer overflow. I’ll show that, as well as two ways to get RCE via an unintended SQL injection.

0xdf hacks stuff

This post provides an in-depth analysis of the HTB: Drive machine, including enumeration, SQL injection vulnerabilities, and privilege escalation using the doodleGrive-cli binary.