NETWORK
ENUMERATION
Browsing the website on port 5000, we see an indication that the app is under construction.
A quick directory scan reveals a folder named upload.
Following the indication on the upload page, we are able to upload an XML file to the server.
VULNERABILITY: XXE
We then found the XML parser to be weakly configured: the application is vulnerable to an XML External Entity (XXE) attack.
Exploiting this XXE vulnerability, we are able to retrieve user Roosa's SSH key.
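On the defensive side, the fix for a weakly configured parser is to refuse any upload that declares a DOCTYPE or an entity before its content is used. The following is an added example, not part of the original write-up and not the target application's code; it assumes a Python upload handler, and the function name, element names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when an upload is malformed or carries a DTD/entity declaration."""


def parse_upload(data: bytes) -> dict:
    """Parse uploaded XML into {tag: text}, rejecting DOCTYPE and entities."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE not allowed (root={name!r})")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed ({name!r})")

    def forbid_external(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference not allowed ({sysid!r})")

    # Any of these constructs aborts the parse before element content is read.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external
    # Ordinary elements are forwarded to a normal ElementTree builder.
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    root = builder.close()
    return {child.tag: (child.text or "").strip() for child in root}


# Constructed sample uploads: one plain document, one declaring an external entity.
BENIGN = b"<doc><Author>alice</Author><Subject>hello</Subject></doc>"
WITH_DTD = (b'<!DOCTYPE doc [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
            b"<doc><Author>&x;</Author></doc>")

if __name__ == "__main__":
    print(parse_upload(BENIGN))
    try:
        parse_upload(WITH_DTD)
    except UnsafeXML as err:
        print("rejected:", err)
```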
FOOTHOLD
We get access to the server using user Roosa's SSH key.
PRIV ESCALATION
Looking into the files owned by the user Roosa, we noticed a versioned folder
which reveals a commit mistake/accident. We then reset the files to the commit before the commit accident.
Looking into the modified files with git log --numstat,
we find the root SSH key, which we then use to get access to the server as root.