POISON -Hack The Box Walk through

changing payload to <?php system($_GET[‘cmd’]);?> in user-agent and sending the request.

EXPLOITATION

PRIVILEGE ESCALATION

on victim machine
vnc running as root.
  1. Now we will do ssh tunneling such that connecting to our localhost at port 8081 , connects to poison’s localhost on port 5901
root flag.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dhanishtha Awasthi

Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.