We are going to solve Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replace a file that is executed if we run sudo initctl.
Join the discord: https://discord.gg/qdbJqXKPQ3 !
[ Timestamps ]
00:00 Intro
00:20 User
04:37 Root
[ Notes & Links ]
• https://www.hackthebox.eu/
[ Desktop ]
• https://github.com/xct/kali-clean
[ About ]
• https://vulndev.io
• https://twitter.com/xct_de
• https://github.com/xct
• https://www.patreon.com/xct
This is purely educational content – all practical work is done in environments that allow and encourage offensive security training.
source