swagshop @ hackthebox. 5 mins to root.

  1. magento is vulnerable to 37977.py
    adjust exploit settings so target url contains index.php/
  2. user.txt is at /home/h***s/user.txt
  3. get app/etc/local.xml. it’s useless 🙂
  4. using the magento downloader tool, install Magpleasure_Filesystem to upload a shell
  5. admin_user is haris. just for your information 🙂
  6. /etc/sudoers is readable. so
    launch vi with appropriate path to fetch root flag.
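
Step 6 works because a sudoers rule lets an interactive editor run as root. The following is an added example, not part of the original writeup, that audits sudoers text for rules of that kind; the sample rules, user names and paths are constructed, and aliases are not expanded.

```python
import os
import re

# Editors and pagers that can open other files or spawn a shell once running.
INTERACTIVE = {"vi", "vim", "view", "nano", "ed", "less", "more", "man"}
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+?)\s*=\s*(?P<rest>.+)$")

# Constructed sample; these rules are illustrative, not copied from the box.
SAMPLE = r"""
Defaults env_reset
root    ALL=(ALL:ALL) ALL
webapp  ALL=(root) NOPASSWD: /usr/bin/vi /srv/app/*
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(root) /bin/systemctl restart apache2, \
        /usr/bin/less /var/log/syslog
"""

def audit_sudoers(text):
    """Return (user, runas, nopasswd, command, has_wildcard) per risky rule.
    Aliases and per-command Runas overrides are not expanded."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)          # join continuation lines
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        rest, runas, nopasswd = m["rest"], "root", False
        spec = re.match(r"\(([^)]*)\)\s*", rest)   # optional (runas) spec
        if spec:
            runas, rest = spec[1], rest[spec.end():]
        for cmd in (c.strip() for c in rest.split(",")):
            # Tags such as NOPASSWD: stay in force for later commands.
            while (tag := re.match(r"([A-Z_]+):\s*", cmd)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag[1], nopasswd)
                cmd = cmd[tag.end():]
            if cmd and os.path.basename(cmd.split()[0]) in INTERACTIVE:
                findings.append((m["who"], runas, nopasswd, cmd, "*" in cmd))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Rules it reports are candidates for removal or for replacement with sudoedit on a fixed file path.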
