From inside a container, I can reach a dev instance and an API that effectively let’s me apply a given regex to a file on the filesystem, which I’ll turn into a file read exploit with some Python scripting. I’ll start by exploiting an IDOR vulnerability to leak hashes, cracking one and getting access to a website that manages containers. It’s got a lot of enumerating and fuzzing to find next steps and a fair amount of programming required to solve.
RainyDay is a different kind of machine from HackTheBox.
Hackthebox ctf htb-rainyday nmap ffuf subdomain docker container feroxbuster idor john chisel foxyproxy socks proxychains api flask flask-cookie python python-requests youtube flask-unsign jail python-use-after-free unicode emoji john-rules
0 kommentar(er)
