a.k.a: did I spend a week ricing Arch? perhaps.
[HTB] Bashed
they actually left the webshell on the server 🤦‍♂️
[HTB] Headless
| URL | Link 🔗 |
|---|---|
| Level | Easy |
| Attacker IP | 10.10.14.31 |
| Target IP | 10.10.11.8 |
Intro
Today I am tackling the HackTheBox machine Headless. I will start by discovering a web server running on TCP/5000, then uncover a stored XSS. By exploiting it, I will exfiltrate the is_admin cookie to gain access to the restricted endpoint, then abuse a command injection within it to achieve RCE and establish a reverse shell. Ultimately, I will escalate privileges by exploiting a misconfigured script to obtain root access and pwn the target.
[HTB] Nibbles
started to solve HackTheBoxes
[HMV] Twisted
a little bit of steganography