KagisoSec_

Tag

privilege-escalation

2 items tagged “privilege-escalation”.

All tags

Writeups

MACHINE Linux

HackTheBox: Postman

An Easy Linux box: an unauthenticated Redis 4.x instance writes an SSH key into the redis user's authorized_keys for a foothold, an encrypted /opt/id_rsa.bak cracks to computer2008 to reach Matt via su, and Webmin 1.910 falls to CVE-2019-12840 command injection (running as root) for a root shell.

#linux#redis#ssh-key-injection
Read
MACHINE Linux

HackTheBox: Trick

An Easy Linux box: a DNS zone transfer leaks a preprod payroll vhost, a boolean SQL injection with the MySQL FILE privilege reads the nginx config to expose a second vhost, then a str_replace LFI bypass combined with SMTP mail-spool poisoning lands RCE as michael — and a writable fail2ban action plus a passwordless sudo restart escalates to root.

#linux#dns-zone-transfer#smtp
Read