WordPress & Initctl on ChromeOS – Spectra @ HackTheBox



We are going to solve Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replace a file that is executed if we run sudo initctl.

Join the discord: https://discord.gg/qdbJqXKPQ3 !

[ Timestamps ]
00:00 Intro
00:20 User
04:37 Root

[ Notes & Links ]
• https://www.hackthebox.eu/

[ Desktop ]
• https://github.com/xct/kali-clean

[ About ]
• https://vulndev.io
• https://twitter.com/xct_de
• https://github.com/xct
• https://www.patreon.com/xct

This is purely educational content – all practical work is done in environments that allow and encourage offensive security training.

source