Bitlab — HackTheBox

https://www.hackthebox.eu/home/machines/profile/207

about this box:

Recon:

https://gist.github.com/ls4cfk/6108e728798f1d82cf588578bd7f859f#file-robots-txt
https://gist.github.com/ls4cfk/6108e728798f1d82cf588578bd7f859f#file-bookmarks-html

Okay, time to get the Reverse shell.

And we are in!

Its all set.

Let’s get the reverse shell as a root!

let’s forgot about it and get the user from www-data.

Some reverse-engineering

let’s see it with OllyDbg.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store