🎈 The web server on the default port 80 hosts a demo virtual host, accessible with guest credentials. While reviewing the links, I discover a MinIO Metrics section that is visible due to a Line Feed (LF) injection vulnerability. This allows me to analyze the logs, leading to the discovery of a new virtual host. This new virtual host uses the MinIO platform and reveals the service version, which is vulnerable to CVE-2023-28432. This is an information disclosure vulnerability that exposes the root user's credentials of the platform. After a thorough analysis, I determine that a specific version of a bucket leaks critical information related to an identity-based secrets and encryption management system. Finally, privilege escalation is achieved by leveraging a program that can be executed with elevated privileges by a user.
Franco T.’s Post
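The post names a Line Feed (LF) injection as the way an extra section became visible. The mechanism behind that class of bug is that a user-controlled value containing CR/LF is written into a line-oriented format, so the attacker terminates one record and starts another of their choosing. The block below is an added example, not Franco T.'s code and not anything from MinIO: it uses a constructed one-line-per-record login log with key=value fields (the format, field names and timestamps are assumptions) to show a forged record appearing, and a hardened writer that encodes the field so the record cannot be split, either by a newline or by the space delimiter.

```python
"""Log line-feed (LF/CRLF) injection: a raw user value forges a log record; encoding the field stops it.

Added example, not from the original post. The record format, field names
and timestamps are assumptions constructed for the demo.
"""
from urllib.parse import quote, unquote

TS = "2024-01-01T00:00:00Z"

# Constructed attacker-controlled value: a username that carries a whole
# second record after an embedded newline.
INJECTED_USER = "guest\n2024-01-01T00:00:01Z INFO login result=ok user=admin"


def log_line_unsafe(ts: str, user: str, result: str) -> str:
    """Vulnerable writer: the user field is interpolated verbatim, so a CR/LF
    inside it ends the record and the attacker authors the next one."""
    return f"{ts} INFO login result={result} user={user}\n"


def encode_field(value: str) -> str:
    """Percent-encode everything outside [A-Za-z0-9_.~-]: newlines, spaces,
    '=' and other control characters all become visible escapes, so the
    value can neither split the line nor inject a new key=value pair."""
    return quote(value, safe="")


def log_line_safe(ts: str, user: str, result: str) -> str:
    """Hardened writer: same format, but every free-text field is encoded."""
    return f"{ts} INFO login result={result} user={encode_field(user)}\n"


def parse_records(text: str) -> list:
    """Minimal consumer of the format: one record per line, fixed columns
    (timestamp, level, event) followed by key=value fields, values decoded."""
    records = []
    for line in text.splitlines():
        if not line:
            continue
        ts, level, event, *fields = line.split(" ")
        rec = {"ts": ts, "level": level, "event": event}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = unquote(value)
        records.append(rec)
    return records


def count_injected_records(text: str) -> int:
    """How many records a parser sees beyond the one the writer meant to emit."""
    return len(parse_records(text)) - 1


if __name__ == "__main__":
    unsafe = log_line_unsafe(TS, INJECTED_USER, "fail")
    safe = log_line_safe(TS, INJECTED_USER, "fail")
    print("unsafe records:", parse_records(unsafe))
    print("safe records:  ", parse_records(safe))
```

With the vulnerable writer a failed guest login yields two records, the second a fabricated successful admin login; with the encoded writer the parser sees one record, the original injected string is still recoverable for investigation, and the result field stays "fail". The same encoding step is what to apply before anything user-supplied reaches a line- or space-delimited log, including values that a metrics or monitoring page later renders.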
More Relevant Posts
-
I post about Cybersecurity Basics and new threats in the field | "learn and teach", so I post new things as I learn.
Another machine pwned :) For some reason, the terminal commands are really slow. Is there a way to fix the issue? It gets stuck every 2 minutes. I have tried the command below: sudo sysctl vm.swappiness=10 yet it still isn't fixed. Open to advice :)
-
According to Kyle Winton, if it helps, in relation to CrowdStrike there is a fix:
1. Click See Advanced Repair Options
2. Click Troubleshoot
3. Click Command Prompt and enter the following:
pushd C:\Windows\System32\drivers\Crowdstrike
del "C-00000291*.sys"
exit
4. Click Continue; the system should reboot normally.
-
iT | dstelecom || MSc Cybersecurity IPVC || TryHackMe Top 1% || PortSwigger NEWBIE || HackTheBox Hacker || CTF player || Passionate about cybersecurity.
#PermX Owned Hack The Box
User flag: The first flag was simple to find. I discovered an application running on the web server, which immediately led me to an RCE vulnerability. This allowed me to upload a webshell and, subsequently, a reverse shell to gain access to the system. After some enumeration, I found the local user's credentials and was able to access the first flag.
Root flag: The root flag was quite simple. The user account I had access to could execute a script that used setfacl, which allows users to configure ACLs on directories and files. However, the script could only be executed with files located in the user's 'Home' directory. The way I got around this restriction was by creating a symbolic link to the passwd file within the directory. After running the script, the local user could then modify the file. I removed the root password and was able to access the flag :)
Owned PermX from Hack The Box!
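The root step in the PermX post above turns on a script that checks a path textually ("is it under the user's home?") and then hands it to setfacl, which follows the symlink. The block below is an added example, not the author's script or the box's actual helper: it reconstructs that class of check in Python (the real script was presumably a shell wrapper), shows why a symlink placed inside home passes the naive prefix test, and gives a check that resolves the link before deciding. The temporary directory layout, file names and the user name "mtz" are constructed for the demo.

```python
"""Why a 'file must live under $HOME' check is bypassed by a symlink, and a check that holds.

Added example, not the PermX author's script. The helper names and the
temporary directory layout are assumptions constructed for the demo.
"""
import os
import tempfile


def allowed_target_naive(home: str, path: str):
    """Vulnerable check: a textual prefix test on the normalised path.
    A symlink inside home that points at /etc/passwd passes, because
    abspath() collapses '..' but does not resolve links, so the ACL
    change lands on the real file."""
    candidate = os.path.abspath(path)
    if candidate.startswith(os.path.abspath(home) + os.sep):
        return candidate  # what the script would hand to setfacl
    return None


def allowed_target_hardened(home: str, path: str):
    """Resolve every symlink (intermediate directories included) first,
    then compare real locations, and refuse a link at the final
    component outright. The check and the later setfacl call are still
    two separate steps, so a race (TOCTOU) remains; operating on an
    opened O_NOFOLLOW descriptor would close that too."""
    real_home = os.path.realpath(home)
    real_path = os.path.realpath(path)
    if os.path.commonpath([real_home, real_path]) != real_home or real_path == real_home:
        return None  # escapes home once links are resolved
    if os.path.islink(path):
        return None  # never let a link name a target at all
    return real_path


def demo() -> dict:
    """Build a fake home with a symlink to a fake /etc/passwd and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home", "mtz")
        os.makedirs(home)
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        passwd = os.path.join(etc, "passwd")  # constructed stand-in for /etc/passwd
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        link = os.path.join(home, "passwd_link")
        os.symlink(passwd, link)  # the trick from the post
        own = os.path.join(home, "notes.txt")  # a legitimate file in home
        open(own, "w").close()
        traversal = os.path.join(home, "..", "..", "etc", "passwd")
        return {
            "naive_link": allowed_target_naive(home, link),
            "hardened_link": allowed_target_hardened(home, link),
            "naive_own": allowed_target_naive(home, own),
            "hardened_own": allowed_target_hardened(home, own),
            "hardened_traversal": allowed_target_hardened(home, traversal),
            "link": os.path.abspath(link),
            "own": os.path.realpath(own),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The naive variant returns the link path (so setfacl would follow it onto the real passwd file), while the hardened variant returns None for both the symlink and a plain `../..` traversal and still accepts a regular file inside home.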
-
PNPT | Google Cybersecurity Certification | Penetration Tester | Red Team Operator | Bug Hunter | Attorney at Law
This box was a little bit difficult. I had to mount a system from a backup file found on the host, to which I had connected via SMB. Once the system was mounted, I was able to get the SAM hash for the user. From there, I identified and cracked the hash and was able to log into the user's machine via SSH. On this machine, I found that it was running an application called mRemoteNG, which has its configuration files located in the "C:\Users\L4mpje\AppData\Roaming\mRemoteNG" directory. In said directory, there was a file called "confcons.xml", which contained the hashes for the User as well as the Administrator. I then used an mRemoteNG hash cracker and was able to get the Administrator password, and, therefore, his flag.
Owned Bastion from Hack The Box!
-
🫠 Tricky machine to get a foothold on because I am not quite used to inspecting traffic with Wireshark, but eventually got there! 👾 Also made use of an IDOR vulnerability to download the right .pcap file. After that, simply ran linpeas for privilege escalation. It will highlight what you need to do.
Owned Cap from Hack The Box!
-
Turning Digital Footprints into Answers: Experienced Forensic Consultant and SANS Certified and SANS Lethal Forensicator
For the current CrowdStrike BSOD issue there are a few workarounds:
1. Group policy to remove the file: https://lnkd.in/dqzcCM3Z
2. Manually remove the file within Safe Mode, Advanced Start Up (Command Prompt): del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
The Reddit thread: https://lnkd.in/gy5UPWtg
My chatter on Twitter: https://lnkd.in/gXFkGWNV
Try the above in a test environment prior to running it in production.
Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy
-
🎉 This is a special machine from Hack The Box. It shows the old version of the platform. Upon inspecting it, I found an invite code option instead of a registration option. After bypassing this, I checked the API endpoints and found one that was vulnerable. This allowed me to upgrade my user account to administrator level. With this access, I performed a command injection to gain a foothold. To escalate further, I exploited a vulnerability in OverlayFS in the kernel (CVE-2023-0386) and successfully escalated my privileges.
Owned TwoMillion from Hack The Box!
-
But in relation to CrowdStrike there is a fix:
1. Click See Advanced Repair Options
2. Click Troubleshoot
3. Click Command Prompt and enter the following:
pushd C:\Windows\System32\drivers\Crowdstrike
del "C-00000291*.sys"
exit
4. Click Continue; the system should reboot normally.
-
Director & India Head- Modern Apps & Cloud(North America, APAC & EMEA) |Digital Transformation Leader |Prompt Engineering | Metaverse & Blockchain Expert| CSPO|CSM|MCSD|MCP|
How to fix your computer if you are affected by the #crowdstrike crash:
1. Reboot the machine in safe mode
2. Open a command prompt with admin credentials
3. Run the following command: sc config "csagent" start= disabled
4. Reboot normally
#microsoftoutage
-
🖨 The multifunction device allowed me to specify the domain controller or file server from the website, enabling me to obtain the necessary credentials. With these credentials, I established a persistent connection. To escalate my privileges, I utilized the fact that the user belonged to the Server Operators group. This membership enabled me to configure the Volume Shadow Copy Service, through which I set up a reverse shell, ultimately allowing me to obtain the root flag.
Owned Return from Hack The Box!
Top 1% at TryHackMe Global • HTB | Elite Hacker • eJPTv2 • ICCA • CompTIA PenTest+ • CompTIA Security+ (SYO-601) • CompTIA CASP+ (CAS-004) • CompTIA Project+ (PKO-004) • Apache Spark (CVE-2022-33891)
Great man