Shocker | HTB Writeup


Shocker is an easy Linux-based machine on HackTheBox by mrb3n.

User Part

I started with an Nmap scan and found 2 open ports.

80: HTTP

2222: SSH

I checked the website. It’s a normal webpage; I didn’t find anything interesting.

So, without wasting time, I started directory brute-forcing.

I found a directory: /cgi-bin/.

Basically, the /cgi-bin/ folder can be exploitable through the Shellshock vulnerability if I can find any file in /cgi-bin/.

So I started enumerating that directory using FFUF and found a file.

I used Metasploit for exploitation and got the user flag.

Root Part

Then I ran sudo -l to list the commands that I can run with root privileges, and found that I can run /usr/bin/perl.

Using GTFOBins, I found how to exploit it, and now I am the root user.
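
An added example, not part of the original writeup: a small Python audit that parses sudo -l output and flags rules like the /usr/bin/perl one above, where an interpreter or shell-capable binary may be run as another user. The sample output, the user and host names, and the RISKY set are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Binaries that can run arbitrary code or spawn a shell when allowed via sudo.
# Hand-picked partial set (assumption); extend it from your own GTFOBins review.
RISKY = {"perl", "python", "python3", "ruby", "lua", "php", "node",
         "bash", "sh", "awk", "find", "vim", "less", "env"}

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$")  # "(root) ..."
TAG = re.compile(r"^([A-Z_]+):\s*")                             # "NOPASSWD: "

def audit_sudo_l(output):
    """Return findings for risky command entries in `sudo -l` output."""
    findings = []
    for line in output.splitlines():
        rule = RULE.match(line)
        if not rule:
            continue  # header, Defaults and blank lines
        nopasswd = False  # tags carry over to later commands in the same rule
        for cmd in rule.group("cmds").split(","):
            cmd = cmd.strip()
            while (tag := TAG.match(cmd)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            if not cmd:
                continue
            binary = cmd.split()[0]
            if binary == "ALL":
                reason = "unrestricted command list"
            elif PurePosixPath(binary).name in RISKY:
                reason = "interpreter or shell-capable binary"
            else:
                continue
            findings.append({"runas": rule.group("runas"), "command": cmd,
                             "nopasswd": nopasswd, "reason": reason})
    return findings

# Constructed sample; user, host and rules are illustrative, not from the box.
SAMPLE = """\
User webuser may run the following commands on host:
    (root) NOPASSWD: /usr/bin/perl
    (root) /usr/bin/uptime, NOPASSWD: /usr/bin/find /var/log
"""

if __name__ == "__main__":
    for f in audit_sudo_l(SAMPLE):
        print(f)
```

On a real host, feed it the text of sudo -l -U <user> for each account under review and replace flagged rules with narrowly scoped wrapper scripts or remove them.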
