Go back

Hack The Box - Editor Write-up : From RCE to Root via PATH Hijacking

Note: This machine is still active on Hack The Box. To respect the platform’s rules and avoid spoiling the experience for other users, this write-up will be published in its entirety once the machine has been retired.

Editor HTB Card

Introduction

“Editor” is an easy-level Linux machine that demonstrates a realistic three-phase attack chain. We’ll start by exploiting a Remote Code Execution (RCE) vulnerability in a web application to gain initial access. Next, we’ll perform lateral movement by taking advantage of poor security practices to compromise a user account. Finally, we’ll abuse a misconfigured SUID binary to elevate our privileges to root.

Phase 1 : Recognition and Initial Access

Service Enumeration

Every engagement begins with reconnaissance. Our first step is an nmap scan of the target.

nmap -sC -sV 10.10.11.80

Nmap Scan Results

The scan reveals two open ports : 22 (SSH) and 80 (HTTP). The web service on port 80 redirects us to http://editor.htb, indicating the server uses virtual hosts. To interact with the site, we need to add this entry to our /etc/hosts file.

10.10.11.80 editor.htb

Full write-up coming soon! The rest of this content will be available once the machine is retired from Hack The Box.

Share this post on:
Share this post via WhatsAppShare this post on FacebookShare this post on XShare this post via TelegramShare this post on PinterestShare this post via email
Previous Post
Post-Quantum: Understanding the Next Line of Defense in Cybersecurity
Next Post
Hack The Box - Previous Write-up : LFI to Root via Terraform