
CVE-2023-22809


2023

HTB Agile: Formal Write-up

1829 words · 9 mins
Synopsis: The Agile HTB Linux machine hosted a password manager that was vulnerable to IDOR and LFI. An attacker could exploit the IDOR to obtain the user corum’s SSH password and exploit the LFI to disclose the source code and other confidential files. Upon landing on the host, an attacker could set up SSH local port forwarding to find a test web application. The test web application was not significantly different from the main application, and it was vulnerable to the same IDOR. By exploiting this vulnerability, an attacker could find a pair of credentials for the user edwards. The user edwards was able to run sudoedit commands only as the user “dev_admin” on two files. The host was also vulnerable to CVE-2023-22809, which could be exploited to add a reverse shell to the app/venv/bin/activate file and compromise the host.