JOIN BREACHFORUMS TELEGRAM
HTB Caption - Linux - Hard
by mhsoraa - Saturday September 14, 2024 at 06:31 PM
Advanced User

Posts: 62
Threads: 18
Joined: Aug 2024
Reputation: 16
#1
Sep 14, 2024, 06:31 PM (This post was last modified: Sep 14, 2024, 06:42 PM by mhsoraa.)
https://www.hackthebox.com/machines/caption
https://app.hackthebox.com/machines/625

Have fun and good luck everyone!

https://pbs.twimg.com/media/GXR-8C8WcAIbnPF?format=jpg
Reply
Advanced User

Posts: 77
Threads: 8
Joined: Aug 2024
Reputation: -1
#2
Sep 14, 2024, 06:55 PM (This post was last modified: Sep 14, 2024, 06:56 PM by rootme1122.)
okkkkk Let's Gooooooooooo!!!
Reply
⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐
God
Posts: 17
Threads: 0
Joined: Sep 2024
Reputation: 276

GOD
#3
Sep 14, 2024, 07:02 PM
Let the games begin!
Reply
Breached
Member
Posts: 124
Threads: 1
Joined: Apr 2024
Reputation: 3
#4
Sep 14, 2024, 07:17 PM
Someone has system already, and before user Big Grin
Reply
⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐
God
Posts: 17
Threads: 0
Joined: Sep 2024
Reputation: 276

GOD
#5
Sep 14, 2024, 07:25 PM
(Sep 14, 2024, 07:17 PM)jsvensson Wrote: Someone has system already, and before user Big Grin

lolz guess thats not meant to be that way XD
Reply
Advanced User

Posts: 77
Threads: 8
Joined: Aug 2024
Reputation: -1
#6
Sep 14, 2024, 07:27 PM
https://github.com/kacperszurek/exploits...ted-rce.md
Reply
⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐
God
Posts: 17
Threads: 0
Joined: Sep 2024
Reputation: 276

GOD
#7
Sep 14, 2024, 07:29 PM
(Sep 14, 2024, 07:27 PM)rootme1122 Wrote: https://github.com/kacperszurek/exploits...ted-rce.md

Does that work? Its only unauthenticated if the server it's running on is a windows.
Reply
Advanced User

Posts: 77
Threads: 8
Joined: Aug 2024
Reputation: -1
#8
Sep 14, 2024, 07:33 PM (This post was last modified: Sep 14, 2024, 07:50 PM by rootme1122.)
(Sep 14, 2024, 07:29 PM)FallenAngel Wrote:
(Sep 14, 2024, 07:27 PM)rootme1122 Wrote: https://github.com/kacperszurek/exploits...ted-rce.md

Does that work? Its only unauthenticated if the server it's running on is a windows.

GitBucket 4.23.1 Authenticated Arbitrary File Read
by Kacper Szurek
https://security.szurek.pl/
[+] Try login
Login successfully, cookie: {'JSESSIONID': 'node0fri9aghbcmet1opbu4zid3l88139377.node0'}
[+] Try create exploit repo: exploit--------
[+] Run exploit
[-] Error on sending exploit, probably file not exist
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jul 2024
Reputation: 0
#9
Sep 14, 2024, 07:34 PM
http://caption.htb:8080/root

I don't know if can be somehow useful
Reply
Breached
Member
Posts: 12
Threads: 0
Joined: Jul 2024
Reputation: 0
#10
Sep 14, 2024, 07:40 PM
(Sep 14, 2024, 07:34 PM)antolint Wrote: http://caption.htb:8080/root

I don't know if can be somehow useful

has some source code, guessing these lines inside server.go
logs := fmt.Sprintf("echo 'IP Address: %s, User-Agent: %s, Timestamp: %s' >> output.log", ip, userAgent, timestamp)
        exec.Command{"/bin/sh", "-c", logs}
may be the way
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 370 92,402 5 hours ago
Last Post: lifolifo007
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 23 2,200 8 hours ago
Last Post: kkkato
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 20 2,513 Yesterday, 11:06 PM
Last Post: op334
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 3 410 Yesterday, 10:36 PM
Last Post: op334
  CBBH Write Ups hiddenhacker 22 6,237 Yesterday, 06:39 AM
Last Post: Usercomplex

Forum Jump:


 Users browsing this forum: 1 Guest(s)