Hack The Box - Stocker [Easy] - 20/08/2023
HTB Writeup
Short Overview
This box consist of several vulnerabilities:
- NoSQL Injection - Specifically the part with sending the payload using JSON, we use this vulnerability to bypass the login process.
- Server Side Template Injection - We could directly use HTML and then inject an
iframe
whichsrc
is set to/etc/passwd
and after that we traverse the application itself to find the MongoDB user/password, and we used those to connect successfully to the machine using the password provided there. With that, we owned the User. - Linux Privilege Escalation - Then we use
sudo -l
to check what commands are we allowed to execute with root privileges. And we exploited thenode
executable, which runs with root privileges, to own the System.