Skip to main content

3 posts tagged with "Source Code Analysis"

Source code analysis involves examining a program's underlying code to understand its functionality, identify vulnerabilities, and uncover hidden features. This can be done manually or with automated tools to gain insight into the code's inner workings.

View All Tags

HTB | Under Construction | Write-Up

· 16 min read

Summary:

We prepare for a challenge by preparing challenge files, then proceed to perform source code analysis using VSCodium. As we delve into the code, we identify vulnerabilities in the "requirements" section (CVE-2023-2142, CWE-1321), as well as a SQL Injection vulnerability within the "getUser()" function located in the "helpers/DBHelper.js" file. Furthermore, we discover additional vulnerabilities in the "helper/JWT.js" file, specifically CVE-2022-23539, CVE-2022-23540, and CVE-2022-23541. We then exploit CVE-2022-23541 to gain access, followed by exploiting the SQL Injection vulnerability within the "getUser()" function.

As we navigate through the application, we determine the selected row and column number of interest. Next, we identify a table called "flag_storage" containing sensitive information, along with a specific column labeled as "top_secret_flag". With this knowledge in hand, we proceed to grab the flag from its designated location. We then submit our findings, encapsulating the flag within an HTB{...} notation, and declare Challenge Completed once this task is accomplished.

Challenge Name: Under Construction | Difficulty: Medium | Category: Web

HTB | Base | Write-Up

· 14 min read

Summary:

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux

HTB | Vaccine | Write-Up

· 23 min read

Summary:

We test connectivity and scan the target, then use anonymous FTP access to download and crack a zip archive using John the Ripper. Analyzing the source code and exploiting a hardcoded hash gives us web app access via compromised credentials.

We identify an SQL injection vulnerability, gain control, and upgrade to a reverse shell with low-privileged access. As we enumerate the machine, we find privilege escalation opportunities and exploit SUDO vulnerabilities to gain root access, ultimately obtaining both user and root flags.

Machine Name: Vaccine | Difficulty: Easy | OS: Linux