TryHackMe
Found 3 related articles
Back to Tags- 2024-12-05
TheStickerShop - Stored XSS Leading to Data Exfiltration
Technical writeup detailing the compromise of TheStickerShop. The primary vulnerability exploited is a Stored Cross-Site Scripting (XSS) vulnerability found in the 'Feedback' form on the Python/Werkzeug web server (8080/tcp). The attack leverages a custom JavaScript payload to bypass a 401 Unauthorized error, fetch the restricted 'flag.txt' file, encode its content in Base64, and exfiltrate the data to an attacker-controlled HTTP server via an Image object request.
- 2024-11-06
Whiterose - IDOR, EJS SSTI (CVE-2022-29078), and Sudoedit Bypass (CVE-2023-22809)
Technical writeup detailing the compromise of the Whiterose machine. Initial access involves subdomain enumeration via wFuzz and exploiting an IDOR vulnerability to retrieve privileged user credentials. This leads to a Server-Side Template Injection (SSTI) RCE via CVE-2022-29078 (EJS Template Engine vulnerability). Privilege escalation is achieved by exploiting the Sudoedit vulnerability CVE-2023-22809 to gain root access via modifying the /etc/sudoers file.
- 2024-10-15
Source - Webmin 1.890 RCE (CVE-2019-15107) Exploitation
Technical writeup detailing the immediate compromise of the Source machine by exploiting the Webmin service running on port 10000. The vulnerability leveraged is the unauthenticated Remote Code Execution (RCE) backdoor in Webmin versions 1.882 < 1.921 (CVE-2019-15107). Exploitation is achieved by running a public exploit to gain direct root access and establishing a reverse shell for full system control.