Hacking Jarvis from HackTheBox.eu
Hacking Jarvis from HTB.
Getting user was pretty easy, I exploited a SQL injection vulnerability and I could write files from SQL which allowed me to get a shell in the server as www-data
. I could escalate my privileges to pepper
by abusing a command injection flaw in simpler.py
.
Finally, root was not especially complicated but I got a bit stuck getting root
with systemctl
. For some reason, systemctl
wasn't finding the files in /tmp
so I had to add my .service
and my reverse shell script in /home/pepper