all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Pilgrimage HTB write up

Add to bookmarks
Dec. 5, 2023, 1:12 p.m. | Pr3ach3r

System Weakness - Medium systemweakness.com

Don’t leave your Git repository exposed

Pilgrimage easy machine

Introduction

Hello, everyone! Welcome back to my infosec journey. Today, I’ll be discussing Pilgrimage, an “easy” machine on the hackthebox.com website. To pwn this box, one can dump an exposed git repository and find the version of an ImageMagick program. By exploring CVE-2022–44268, also known as ImageMagick Arbitrary File Read, we can uncover the user credentials. Upon SSH access, a Binwalk task is running on the system. Verifying the …

hacking hackthebox htb-writeup infosec-write-ups pentesting

Visit resource

More from systemweakness.com / System Weakness - Medium

Protect Yourself from Online Scams: Essential Phishing Email Analysis Techniques. 1 day, 1 hour ago | systemweakness.com
cybersecurity ethical hacking information technology malware +1
Cross-Site Scripting: Understanding, Preventing, and Mitigating Risks 1 day, 16 hours ago | systemweakness.com
continue cross-site cybersecurity data +18
University Linux Course (CTIS166) VS HackTheBox Academy Linux Fundamentals Module 1 day, 16 hours ago | systemweakness.com
bilkent-üniversitesi gnu-linux information technology linux +1
TryHackMe — LDAP Injection — Writeup 1 day, 16 hours ago | systemweakness.com
cybersecurity cybersecurity awareness tryhackme tryhackme-walkthrough +1
Analyzing WSH RAT 1 day, 16 hours ago | systemweakness.com
cyberchef cybersecurity javascript malware analysis +1
The Essential Cybersecurity Mindset 1 day, 16 hours ago | systemweakness.com
age career advice cybersecurity cyber security awareness +20
Secure Architecture: Infrastructure Controls 1 day, 16 hours ago | systemweakness.com
architecture article ask controls +12
Data Breaching in Secure Companies 1 day, 16 hours ago | systemweakness.com
breach business companies continue +12
How Prompt Injection Can Steal Your Data 3 days, 20 hours ago | systemweakness.com
ai chatbots chatgpt cybersecurity +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com