Blackpearl

  1. ffuf gives us nothing
  2. dnsrecon -r 127.0.0.0/24 -n 10.0.2.X -d blah
    1. blackpearl.local 127.0.0.1
  3. add this entry to your /etc/hosts
  4. access blackpearl.local and see a PHP page
  5. try ffuf against this new page
  6. found /navigate
  7. search Google -> navigate cms exploit
  8. find Metasploit
    1. set LHOST
    2. set VHOST (blackpearl.local)
    3. run
    4. shell
  9. user www-data
  10. need to use privilege escalation
  11. spawn a TTY shell (search Google)
  12. run linPEAS to look for privilege escalation
    1. find SUID binaries
    2. find / -type f -perm -4000 2>/dev/null
  13. GTFOBins
    1. suid
    2. use php module
  14. /usr/bin/php7.3 XXXX(CODE_SUID_FROM_GTFOBINS)
  15. DONE
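
The root cause in steps 12 to 14 is an interpreter (/usr/bin/php7.3) carrying the SUID bit. The script below is an added example, not part of the original notes: it takes the output of the find command from step 12 and separates SUID interpreters and shells from the rest so they can be fixed with chmod u-s. The function names, the pattern list and the sample paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage SUID file paths, one per line on stdin.
# The name patterns below are an illustrative list chosen for this
# example (an assumption), not a complete catalogue of risky binaries.

# Print "RISKY <path>" for interpreters and shells, "review <path>" otherwise.
classify_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue          # skip blank lines
        name=${path##*/}                    # basename without forking
        case "$name" in
            php|php[0-9]*|python|python[0-9]*|perl|perl[0-9]*|ruby|ruby[0-9]*)
                printf 'RISKY %s\n' "$path" ;;
            node|lua|lua[0-9]*|bash|sh|dash|zsh|ksh)
                printf 'RISKY %s\n' "$path" ;;
            *)
                printf 'review %s\n' "$path" ;;
        esac
    done
}

# Number of RISKY entries on stdin; 0 means no SUID interpreter was seen.
count_risky() {
    classify_suid | grep -c '^RISKY ' || true   # grep -c exits 1 on zero matches
}

# Audit a live tree with the find expression from step 12.
# $1 is the directory to scan (defaults to /).
audit_suid() {
    find "${1:-/}" -type f -perm -4000 2>/dev/null | classify_suid
}

# Constructed sample of find output; only /usr/bin/php7.3 comes from the notes.
sample_suid_list() {
    cat <<'EOF'
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/php7.3
/usr/bin/mount
EOF
}

# Demo on the constructed sample (replace with: audit_suid /).
sample_suid_list | classify_suid
```

Every RISKY line is a candidate for chmod u-s; the "review" lines still need checking against the distribution's expected SUID set.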