HTB Desires
by pop10189 - Monday March 10, 2025 at 01:31 AM
Mar 10, 2025, 01:31 AM
Let's discuss the HTB Desires web challenge
Mar 11, 2025, 03:56 AM
Since there are no hints, here you go:
https://github.com/mholt/archiver/pull/396 CVE-2024-0406 You would be able to exploit the archive library (to create files outside the saved directory) but you can't overwrite files (as far as I know now).
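As an added example (not part of the thread, and not the archiver project's own fix): a Go pre-extraction check that refuses tar entries whose name or symlink target resolves outside the destination directory, the class of issue the post above attributes to the archive library. The destination path and the sample archive are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// escapes reports whether name, resolved under dest, lands outside dest.
func escapes(dest, name string) bool {
	rel, err := filepath.Rel(dest, filepath.Join(dest, name))
	return filepath.IsAbs(name) || err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// auditTar returns the entries that must be refused before unpacking into dest.
func auditTar(r io.Reader, dest string) ([]string, error) {
	var bad []string
	for tr := tar.NewReader(r); ; {
		h, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		}
		if h == nil { // a header may still accompany tar.ErrInsecurePath; audit it
			return bad, err
		}
		// Symlink targets resolve relative to the entry's own directory.
		link := h.Typeflag == tar.TypeSymlink && (filepath.IsAbs(h.Linkname) ||
			escapes(dest, filepath.Join(filepath.Dir(h.Name), h.Linkname)))
		if link || escapes(dest, h.Name) {
			bad = append(bad, h.Name)
		}
	}
}

// sampleTar is constructed input: an ordinary entry, a parent-directory name, an escaping symlink.
func sampleTar() *bytes.Buffer {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "uploads/a.txt", Mode: 0o600, Size: 2})
	tw.Write([]byte("ok"))
	tw.WriteHeader(&tar.Header{Name: "../outside.txt", Mode: 0o600})
	tw.WriteHeader(&tar.Header{Name: "uploads/l", Typeflag: tar.TypeSymlink, Linkname: "../../x"})
	tw.Close()
	return &buf
}

func main() { fmt.Println(auditTar(sampleTar(), "/srv/app/files")) } // assumed destination
```

An extractor should run this kind of check on every header and abort the whole unpack on the first hit, rather than skipping the entry and continuing.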
Mar 11, 2025, 02:52 PM
(This post was last modified: Mar 11, 2025, 03:33 PM by ZombieBear.)
You can add CVE-2024-38513 https://github.com/advisories/GHSA-98j2-3j3p-fw2v to the observation...
> You would be able to exploit the archive library (To create files outside the saved directory) but you can't overwrite files (as i know now).

Correct for tar archives
Mar 12, 2025, 10:28 AM
It is not mine, but it is almost the same as what I did. Try to understand how the .TAR file is crafted.
https://github.com/walidpyh/CVE-2024-040.../script.py
Mar 12, 2025, 12:41 PM
> (Mar 10, 2025, 01:31 AM) pop10189 Wrote: Let's discusses HTB Desires web challenge

It's incredible how you have all this stuff, I love it
Mar 12, 2025, 02:11 PM
> (Mar 12, 2025, 10:28 AM) sdksdk Wrote: It is not mine but almost the same i did. Try to understand how the .TAR file is crafted.

How did you know that's CVE-2024-0406?
Mar 12, 2025, 02:16 PM
(This post was last modified: Mar 12, 2025, 02:35 PM by Cth1hu_R1y3h.)
> (Mar 12, 2025, 02:11 PM) BFischer Wrote:
> > (Mar 12, 2025, 10:28 AM) sdksdk Wrote: It is not mine but almost the same i did. Try to understand how the .TAR file is crafted.

Read the source code first, and especially notice the special "imports"; sometimes you can find CVEs in those third-party imports.
Mar 12, 2025, 06:09 PM
> (Mar 12, 2025, 02:11 PM) BFischer Wrote:
> > (Mar 12, 2025, 10:28 AM) sdksdk Wrote: It is not mine but almost the same i did. Try to understand how the .TAR file is crafted.

Look into go.mod, you will find the version of archiver.

> (Mar 11, 2025, 02:52 PM) ZombieBear Wrote: You can add CVE-2024-38513 https://github.com/advisories/GHSA-98j2-3j3p-fw2v to the observation...

That's weird, been trying this without success.

Edit: I don't think session fixation would work, since the token used by your user is created each time you log in and updated on redis.
Mar 13, 2025, 05:29 AM
> (Mar 12, 2025, 07:21 PM) pop10189 Wrote:
> > (Mar 11, 2025, 02:52 PM) ZombieBear Wrote: You can add CVE-2024-38513 https://github.com/advisories/GHSA-98j2-3j3p-fw2v to the observation...

Look closely at the code, you're on the right track. You can forge the session, because you know how the session ID is generated and you can also update the session ID on redis without actually generating a session file.