[HackTheBox] Shocker
This is a very intuitive box. Once you get what vulnerability is there, its a straight path to root.
Reconnaissance:
Enumeration:
WEB :
Only this picture on the main page.
This picture does not give any good leads even when put through binwalk and exiftool. So lets leave this for now.
Dirbuster show no good results:
Nothing is usefull here
SSH → Ran this for a good 10 mins but was getting a lot of false positives.
After Looking through my notes from other boxes, I could only come to the conclusion that this box had shellshock vulnerability and the name suggested this too.
But there is no directory accessible within cgi-bin or is there?
To find that out I ran dirbuster with extentions html,txt,php,pl,py,sh and cgi. This gave me some results after all.
Foothold:
After this is was just this blog which gave me the foothold.
Privilege Escalation:
A simple GTFOBins gave me root and voila.
This box was only possible for me since I have been making exhaustive notes throughout my journey, hence I have some reference but now if there is nothing else available, shellshock on cgi-bin is the first thing I will be coming after.
