HackTheBox - Photobomb

00:00 - Intro
01:00 - Start of nmap
02:17 - Discovering this is a ruby Sinatra Web App based upon error message
03:15 - Discovering credentials in javascript
04:30 - Examining the HTTP Request to resize images and discovering an RCE
10:10 - Getting a reverse shell
11:12 - Discovering we have SETENV with sudo on a script, checking for path injection
12:30 - Exploiting path injection with the find command
16:00 - Exploiting path injection because the script disables …

app command credentials error exploiting find hackthebox http images injection javascript message nmap path photobomb rce request reverse reverse shell ruby script shell start sudo web web app