HTB Writeup — conversor (10.10.11.92) Scope & notes: Target: 10.10.11.92 — Linux box (Hack The Box lab).
HTB Writeup — conversor (10.10.11.92)
Scope & notes: Target: 10.10.11.92 — Linux box (Hack The Box lab).
TL;DR
Initial foothold: XSLT injection / upload leads to writing a Python script under the webroot. The
script revealed credentials (users.db) or directly enabled command execution. Using cre...