Road to OSCP: HTB Series: POISON Writeup

Recon Phase

Information Gathering

When we send info.php as form input
When we submit phpinfo.php as form input

Exploitation

Privilege Escalation

Information Gathering

Exploitation to get Root

ssh -L 5000:127.0.0.1:5901 charix@10.10.10.84

Learning Points

--

--

--

OSCP | CTF Player | Penultimate Information System Student in SMU | Major in Cybersecurity

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Why Verification Matters

Tips For Keeping Your Digital Life Secure

Top Cybersecurity Companies in Africa

How I was able to Turn a XSS into A Account Takeover

Valentine’s Day is Christmas for fraudsters, but they don’t take days off

{UPDATE} Can You Escape Temple? Hack Free Resources Generator

Mobile Security Testing Tools: MobSF vs. Competitors

🤝Partners

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Louis Low

Louis Low

OSCP | CTF Player | Penultimate Information System Student in SMU | Major in Cybersecurity

More from Medium

Belkasoft Write-up: CTF 4

Solidstate | HTB | OSCP | Box 15

Beep HTB Writeup

Hack the Box: Active Write-Up