[HackTheBox] Shocker

This is a very intuitive box. Once you get what vulnerability is there, its a straight path to root.

Reconnaissance:

Nothing really impressive.

Enumeration:

WEB :

Only this picture on the main page.

This picture does not give any good leads even when put through binwalk and exiftool. So lets leave this for now.

Dirbuster show no good results:

Nothing is usefull here

SSH → Ran this for a good 10 mins but was getting a lot of false positives.

After Looking through my notes from other boxes, I could only come to the conclusion that this box had shellshock vulnerability and the name suggested this too.

But there is no directory accessible within cgi-bin or is there?

To find that out I ran dirbuster with extentions html,txt,php,pl,py,sh and cgi. This gave me some results after all.

Foothold:

After this is was just this blog which gave me the foothold.

Privilege Escalation:

Very anticlimatic.

A simple GTFOBins gave me root and voila.

This box was only possible for me since I have been making exhaustive notes throughout my journey, hence I have some reference but now if there is nothing else available, shellshock on cgi-bin is the first thing I will be coming after.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store