
NETWORK



ENUMERATION

Gobuster has revealed a WordPress instance.










We have found a bot

We can run commands (limited?)




Using our newly found password,
we get an initial shell as Dwight (Queenofblad3s!23)

FOOTHOLD
PRIV ESCALATION
Running the enumeration with
bash lse.sh -i -l1

We have found CVE-2021-4034
https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py
Another version of the exploit:
https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation


CAPTURE FLAGS
whoami; find / '(' -name 'local.txt' -or -name 'system.txt' -or -name 'user.txt' -or -name 'root.txt' -or -name 'proof.txt' -or -name 'access.txt' -or -name 'flag.txt' ')' -exec wc -c {} \; -exec cat {} \; 2>/dev/null; ip addr