HTB | Markup | Write-Up
Summary:
We test connectivity to the target and scan it, then enumerate its website and log in with default credentials. Once we have user access, we continue enumerating the site. Analyzing the page source reveals the XML version in use and a potential username.
We exploit the XXE vulnerability we found to leak the user's private SSH key, which lets us log in to the target machine over SSH with user-level access. Next, we grab the user flag. With our foothold established, we enumerate the machine as that user until we find a job.bat file that runs with administrator privileges. We exploit this by modifying the scheduled job to run our reverse shell, wait for it to execute, and catch the connection to gain administrative access to the target machine. Finally, we grab the root flag.
Machine Name: Markup | Difficulty: Easy | OS: Windows