Hack The Box - Investigation [Medium]
This box consists of several vulnerabilities:

- Command Injection - Used a vulnerability in exiftool (CVE-2021-22204; see references) that allowed me to run arbitrary code.
- Leaked Credentials - Then we found the .msg file, which contained event logs from a Windows machine where we found the credentials for user smorton. I wasted a lot of time and effort to figure that one out, so don't be discouraged when you can't find it in the first 5 mins.
- Sudo commands - We then found the mysterious /usr/bin/binary file that we could use sudo with. That led us to analyze it further, where we found that it accepts 2 arguments, downloads a file, saves it with a specific name and runs it using perl.
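The writeup only says the credentials turned up in Windows event logs exported into the .msg attachment, not what form they took. The added example below (my code, not the author's) assumes the common case: a password typed into the username box of a failed logon, which Windows records in clear text as TargetUserName of Event ID 4625, usually followed within seconds by a successful 4624 for the real account from the same source. The CSV export format, the field names, the timestamps and the placeholder password are all constructed for the example.

```python
"""Hunt Windows logon events for a password that was typed into the username field.

Added example, not code from the original writeup. Assumption: the leaked
credential shows up as the TargetUserName of a failed logon (Event ID 4625)
shortly before a successful logon (Event ID 4624) from the same source.
"""
import csv
import io
import re
from datetime import datetime

LOGON_SUCCESS = "4624"
LOGON_FAILURE = "4625"

# Constructed sample export (the shape Get-WinEvent | Export-Csv would give),
# trimmed to the fields the hunt needs. Not data from the box.
SAMPLE_CSV = """TimeCreated,Id,TargetUserName,WorkstationName,IpAddress
2022-11-14 09:01:03,4624,smorton,WIN-ABC,10.0.0.5
2022-11-14 09:02:10,4625,smorton,WIN-ABC,10.0.0.5
2022-11-14 09:02:14,4625,Pa55w0rd-example!,WIN-ABC,10.0.0.5
2022-11-14 09:02:19,4624,smorton,WIN-ABC,10.0.0.5
2022-11-14 09:05:00,4625,Administrator,WIN-ABC,10.0.0.9
"""


def parse_records(text):
    """Parse the CSV export into dicts, adding a datetime and sorting by time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["ts"] = datetime.strptime(row["TimeCreated"], "%Y-%m-%d %H:%M:%S")
    rows.sort(key=lambda r: r["ts"])
    return rows


def looks_like_password(name):
    """Heuristic: account names are letters, digits, '.', '-', '_' and '$'.

    Anything with other punctuation, or mixed case together with digits,
    is flagged as a probable password.
    """
    if re.search(r"[^A-Za-z0-9._$\-]", name):
        return True
    return bool(re.search(r"[a-z]", name) and re.search(r"[A-Z]", name)
                and re.search(r"\d", name))


def find_leaked_credentials(records, window_seconds=120):
    """Return (account, candidate_password) pairs.

    A candidate is a 4625 whose TargetUserName is not an account that ever
    logged on successfully, looks like a password, and is followed within
    window_seconds by a 4624 from the same source IP. The 4624's account
    is the likely owner of the password.
    """
    known_accounts = {r["TargetUserName"].lower()
                      for r in records if r["Id"] == LOGON_SUCCESS}
    hits = []
    for i, rec in enumerate(records):
        if rec["Id"] != LOGON_FAILURE:
            continue
        candidate = rec["TargetUserName"]
        if candidate.lower() in known_accounts or not looks_like_password(candidate):
            continue
        # Pair the failure with the next success from the same source.
        for later in records[i + 1:]:
            if (later["Id"] == LOGON_SUCCESS
                    and later["IpAddress"] == rec["IpAddress"]
                    and (later["ts"] - rec["ts"]).total_seconds() <= window_seconds):
                hits.append((later["TargetUserName"], candidate))
                break
    return hits


if __name__ == "__main__":
    for account, secret in find_leaked_credentials(parse_records(SAMPLE_CSV)):
        print(f"possible password for {account}: {secret}")
```

On a real export, point parse_records at the CSV pulled out of the .msg attachment and widen window_seconds if the source machine is slow to retry; the "Administrator" failure in the sample is deliberately left unflagged to show the heuristic ignores ordinary account names.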
References
- https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/
- https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429