Skip to main content

One post tagged with "Code Injection"

Code injection is a type of cyber attack where an attacker injects malicious code into a legitimate application or system, allowing them to execute arbitrary commands or manipulate data. This can be done by manipulating input fields, exploiting vulnerabilities, or tricking the application into executing user-supplied code. Once injected, the malicious code can lead to unauthorized access, data theft, or even complete control of the compromised system.

View All Tags

HTB | Unified | Write-Up

· 20 min read

Summary:

We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell connection with low-level access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.

Machine Name: Unified | Difficulty: Easy | OS: Linux