LFI to RCE, Sticky Notes & SQLi - Breadcrumbs @ HackTheBox

We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read the PHP source code, forge a session cookie, and upload a PHP shell. Root involves dumping the contents of Sticky Notes and exploiting a SQL injection.

This post is licensed under CC BY 4.0 by the author.