Imagery HTB WriteUp: Season 9 Machine 2 This is not a proper walkthrough it is just a writeup or you can say some personal notes i made while solving the machine. Initial Recon Nmap nmap 10.10.11.88 …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A detailed walkthrough of exploiting a Hack The Box machine through multiple attack vectors. The process involves initial reconnaissance with nmap, bypassing client-side restrictions, exploiting blind XSS to steal admin cookies, leveraging LFI vulnerabilities to extract credentials, achieving RCE through visual transform functionality, cracking encrypted backup files with a custom Python script, and escalating privileges from web user to mark and finally to root using a custom binary for cron job manipulation.

Imagery HTB WriteUp: Season 9 Machine 2

RCE on Apply Visual Transform from Test User

Get Abhishek Gupta’s stories in your inbox