![]() ![]() Htb-intentions ctf hackthebox nmap ubuntu php laravel feroxbuster image-magick sqli second-order second-order-sqli sqli-union sqli-no-spaces sqlmap sqlmap-second-order ssrf arbitrary-object-instantiation msl scheme webshell upload git capabilities brute-force python youtube file-read htb-extension htb-earlyaccess htb-nightmare To get a shell as root, I’ll exploit a satellite tracking program. ![]() Then, I’ll get access to a Jupyter Notebook, and use it to pivot again. Then I’ll exploit a cron running Shadow Simulator to pivot to the next user. I’ll find an endpoint in Grafana that allows me to send raw SQL queries that are executed by the PostgreSQL database, and use that to get code execution on the host. Ctf htb-jupiter hackthebox nmap ffuf feroxbuster grafana postgresql cve-2019-9193 burp burp-repeater pspy shadow-simulation jupyter-notebook sattrack arftracksat ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |