Manuel López Pérez · writeups · 1 min read

WriteUp - Canape (HackTheBox)

Canape write-up (HackTheBox). Intermediate Linux machine that is exploited through an insecure pickle deserialisation in a Flask + CouchDB application. Covers RCE via a pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.

Today we bring a new HackTheBox write-up. This time it's Canape.

Canape

Created by overcast. Write-up by manulqwerty.
manulqwerty-canape.pdf

—> https://ironhackers.es/en/writeups/writeup-canape-hackthebox-2/
