We are going to walk through Editorial on Hack the Box! It started by discovering a blind SSRF vulnerability that led to finding various API endpoints which leaked cleartext credentials. Additional credentials were discovered in a Git commit leading to abusing a Python script for escalation to root!
The machine starts with identifying an XSS vulnerability to steal an administrator’s cookie. This stolen cookie is then used to access a separate page vulnerable to code injection. Finally, a Bash script is exploited to escalate privileges to root.
PermX is an easy-rated machine on Hack The Box, created by mtzsec. It begins with discovering and exploiting a vulnerable learning management system to gain initial access. Password reuse and a Bash script exploit are used to escalate privileges and gain root access.
BoardLight, an easy-rated machine on Hack The Box created by cY83rR0H1t, involves discovering a new virtual host, leveraging a CVE to gain a low-privileged foothold, performing horizontal escalation to another user on the box, and ultimately exploiting a lesser-known binary for root access.
I am going to walkthrough "Creative" from TryHackMe. This is an easy-rated machine that starts off with discovering a new virtual host, exploiting a server-side request forgery vulnerability in a URL testing tool, and then escalating to root via the LD_PRELOAD environment variable.