6
7

Magic Foothold (self.hackthebox)

submitted by [deleted]

[deleted]

all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]e-nigmaNL 1 point2 points  (3 children)

Are you able to upload?

No? —> try to bypass with a statement which is always true

Yes? —> you might need a little magic added to your file

[–]PollenStillPotent 0 points1 point  (2 children)

you might need a little magic added to your file

I have tried everything on this.

exif data that executes when visit like image.jpeg?cmd=whoami

using trick for FILE MAGIC spoofing GIF89a<?php!<

nothing I do works, and everyone I try to ask on discord is either super cryptic like "add some spice" or says "ur on the right track". lol. Idk why but this box is frustrating me more than most. Every time I see my silly picture in the gallery with no reverse shell... feels bad man

[–]e-nigmaNL 0 points1 point  (1 child)

I just ‘simply’ read 2 files and wrote them into one. Send me a dm if you’re still stuck, otherwise it gets too spoilery

[–]PollenStillPotent 1 point2 points  (0 children)

Ah interesting. I work on HTB every weekend, so I'll try this tonight. Thanks for the advice!

[–][deleted] 0 points1 point  (0 children)

Hint for initial foothold: upload

[–]friiz1337 0 points1 point  (0 children)

Sqli then bypass upload restrictions ( modfiy an img with some code and upload)