RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We’ll start by listing a website and demonstrating two distinct techniques, SQL injection and XSS, for obtaining a cookie that may be used to access the admin panel. Then, using either an exploit in the Haraka SMTP server or an injection into a webpage and manipulation of the PostgreSQL database that manages the users in the ssh jail, We’ll gain access to the box as Penelope. Finally, We’ll demonstrate three different ways to escalate to root, as well as two additional approaches that involve the database among them.

Video Walkthrough

CTF Writeup, HackTheBox Red Cross, OWASP, sql inection, XSS

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed

Understanding The Bypass Of File Upload Extension Filters P10 | TryHackMe Opacity

Press ESC to close

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed

Understanding The Bypass Of File Upload Extension Filters P10 | TryHackMe Opacity