XSS,RCE and PostgreSQL Exploitation

RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We’ll start by listing a website and demonstrating two distinct techniques, SQL injection and XSS, for obtaining a cookie that may be used to access the admin panel. Then, using either an exploit in the Haraka SMTP server or an injection into a webpage and manipulation of the PostgreSQL database that manages the users in the ssh jail, We’ll gain access to the box as Penelope. Finally, We’ll demonstrate three different ways to escalate to root, as well as two additional approaches that involve the database among them.

Get OSCP Notes

Video Walkthrough

CTF Writeups, HackTheBox Red Cross, OWASP, sql inection, XSS

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

HackTheBox SPG Challenge Writeup | Cryptography CTF Challenges

Blue Team SOC Real World Case Studies | Complete Walkthrough | TryHackMe Boogeyman 1,2,3

Auditing Explained in IT & Information Security