Hacking Jarvis from HackTheBox.eu

Profile Picture
Published on Nov 9, 2019🌏 Public

Hacking Jarvis from HTB.

Getting user was pretty easy, I exploited a SQL injection vulnerability and I could write files from SQL which allowed me to get a shell in the server as www-data. I could escalate my privileges to pepper by abusing a command injection flaw in simpler.py.

Finally, root was not especially complicated but I got a bit stuck getting root with systemctl. For some reason, systemctl wasn't finding the files in /tmp so I had to add my .service and my reverse shell script in /home/pepper