
HTB: Bashed - OSCP Prep Write-up
Bashed is a good reminder that developers are the best pentesters’ allies: a web shell left in /dev does most of the work for you, and the path to root runs through a misconfigured sudo and a predictable job.

Machine info

Name: Bashed
Platform: HackTheBox
OS: Linux
Difficulty: Easy

TL;DR

- FeroxBuster finds a /dev directory hosting phpbash.php, an interactive PHP web shell.
- With a shell as www-data, sudo -l reveals we can run anything as scriptmanager without a password.
- A job runs /scripts/test.py as root; overwrite it with a reverse shell payload to escalate.

Recon

Nmap

    nmap -sV -sC -Pn -A 10.129.0.0 ...
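A defender-side check for the escalation path in the TL;DR, written here as an added example rather than code from the write-up: it parses /etc/crontab-style job lines and flags root jobs whose script (or its directory) a non-root user could replace. It assumes a Linux host; the crontab text and the temporary file built in demo() are constructed.

```python
"""Audit crontab-style job lines for root jobs whose script a non-root user can
modify. Added example, not from the original write-up; job lines are constructed."""
import os
import re
import tempfile
# schedule = five fields or an @keyword, then the user, then the command path
JOB_RE = re.compile(r"^\s*(?:@\w+\s+|(?:\S+\s+){5})(\S+)\s+(\S+)")

def parse_jobs(crontab_text):
    """(user, script) pairs from /etc/crontab-style text, skipping comments and VAR=value."""
    jobs = []
    for line in crontab_text.splitlines():
        first = line.split()[:1]
        if not first or first[0].startswith("#") or "=" in first[0]:
            continue
        m = JOB_RE.match(line)
        if m:
            jobs.append((m.group(1), m.group(2)))
    return jobs

def job_risk(user, script):
    """Why a root job is dangerous, or None: a script (or parent dir) that is not
    root-owned or is group/world writable lets a low-privileged user replace it."""
    if user != "root":
        return None
    for path in (script, os.path.dirname(script) or "."):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return f"{path} missing: whoever can create it controls the job"
        if st.st_uid != 0:
            return f"{path} owned by uid {st.st_uid}, not root"
        if st.st_mode & 0o022:  # group or other write bit set
            return f"{path} is group/world writable"
    return None

def audit(crontab_text):
    """List (script, reason) for every risky root job."""
    return [(s, r) for u, s in parse_jobs(crontab_text) if (r := job_risk(u, s))]

def demo():
    """Constructed scenario: a world-writable test.py run by root every minute."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "test.py")
        open(script, "w").close()
        os.chmod(script, 0o777)  # mirrors the writable /scripts/test.py on Bashed
        return audit(f"SHELL=/bin/sh\n* * * * * root {script}\n")

if __name__ == "__main__":
    print(demo())
```

Run it against the real /etc/crontab and /etc/cron.d/* contents to find the same class of job before an attacker does.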