#suid

4 posts

22 Jul 2022 · 22 min hard Linux Charon

HTB: Charon

A multi-stage Linux box requiring two SQL injection points, a case-sensitive keyword filter bypass, a hidden base64 upload field, RSA key factorisation, and a SUID binary with a newline injection to reach root.

#htb #linux #sql-injection #rsa +2

20 May 2022 · 17 min medium Linux Lazy

HTB: Lazy

A padding oracle in a custom PHP authentication cookie enables CBC bit-flipping to forge admin access, exposing an SSH key. A SUID binary with a relative PATH call to cat completes the root chain.

#htb #linux #padding-oracle #crypto +2

13 May 2022 · 18 min medium Linux October

HTB: October

Default credentials on October CMS grant admin access, the code editor provides RCE as www-data, and a 32-bit SUID buffer overflow with ASLR brute-force delivers root in under ten seconds.

#htb #linux #october-cms #file-upload +2

1 Apr 2022 · 14 min easy Linux Bank

HTB: Bank

A DNS zone transfer leaks the domain, a failed encryption process exposes plaintext credentials, a debug file extension bypass enables a webshell, and a custom SUID binary gives instant root.

#htb #linux #file-upload #dns +1