#Command_Injection | samiko@127.0.0.1~$

Future Router - UMassCTF 2024 Writeup

A web category challenge which involves chaining an arbitrary file read vulnerability in a cURL utility with a command injection vulnerability on a WebSocket-based customer service agent.

Posted on Mon, Apr 22, 2024 UMassCTF'24 Web Application Command Injection

ScriptKiddie - HackTheBox Writeup (10.10.10.226)

Easy-difficulty Linux box on exploiting CVE-2020-7384 APK template vulnerability in MSFvenom. Privilege escalation by exploiting a command injection vulnerability in a Bash script, then pivoting to a privileged user with sudo rights on msfconsole.

Posted on Sun, Jun 13, 2021 Easy Linux Web Application MSFvenom Command Injection

Time - HackTheBox Writeup (10.10.10.214)

Medium-difficulty Linux box on exploiting SSRF vulnerability CVE-2019-12384 in Jackson and leveraging a privileged shell script to gain root.

Posted on Sun, Apr 11, 2021 Medium Linux Web Application Jackson Command Injection

Doctor - HackTheBox Writeup (10.10.10.209)

A not-so-easy Linux box about advanced URL command injection and exploiting Splunk Universal Forwarder to gain root and persistence.

Posted on Sat, Feb 27, 2021 Easy Linux Web Application Command Injection Splunk Forwarder