This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium PHP backdoor and using "sudo knife" to become root.
We are solving TheNotebook, a 30-point machine on HackTheBox where we'll modify a JWT, upload a PHP webshell and use a Docker CVE to escalate privileges.
LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of PHP reflection, the creation and signing of client certificates, and the abuse of a cron job. Unfortunately the box was very unstable and slow for me and therefore pretty unenjoyable.
LimeSurvey is a widely used open-source application for creating surveys with various features. For this post I will use LimeSurvey Version 2.72.3+171020, which contains a known vulnerability, and combine that vulnerability with 2 as yet unknown vulnerabilities to achieve code execution. The first step of the exploit...