Hacking Jarvis from HackTheBox.eu

Profile Picture
@drag0s
- Published on Nov 9, 2019馃審 Public

Hacking Jarvis from HTB.

Getting user was pretty easy, I exploited a SQL injection vulnerability and I could write files from SQL which allowed me to get a shell in the server as www-data. I could escalate my privileges to pepper by abusing a command injection flaw in simpler.py.

Finally, root was not especially complicated but I got a bit stuck getting root with systemctl. For some reason, systemctl wasn't finding the files in /tmp so I had to add my .service and my reverse shell script in /home/pepper

More coding videos

Fixing a small bug that breakes all the videos

Profile Picture@drag0s5 years ago

Adding team selector in VSCode

Profile Picture@drag0s4 years ago

How to use radio buttons in ReactJS

Profile Picture@drag0s4 years ago

Fixing a small bug from GetStream.io React library

Profile Picture@drag0s5 years ago

Fixing pagination bug

Profile Picture@drag0s4 years ago

Using React Portals to implement new settings modals

Profile Picture@drag0s4 years ago