HTB - Pilgrimage Writeup

• git-dumper

  2 1,657 6.7 Python

  A tool to dump a git repository from a website

Now we know for sure there is a /.git/ folder on the server. Now we can use a tool like Git dumperto extract all of the information from the git folder on to our own machine and take a look at the source code.

• CVE-2022-44268

  3 208 10.0 Rust

  A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read

ARBITRARY REMOTE LEAK with CVE-2022-44268

• Scout Monitoring

  www.scoutapm.com featured

  Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.

  

• ImageMagick

  169 11,350 9.7 C

  🧙‍♂️ ImageMagick 7

  

• binwalk

  29 10,250 0.0 Python

  Firmware Analysis Tool

  

• CyberChef

  286 26,054 9.3 JavaScript

  The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

  

When we did cargo run "/etc/passwd" on the file we got an image with code injected into it. When we upload it to the server and download the "shrunken" version of it we can run identify -verbose {image} to get the outputting hex values of our input. Inputting it to something like CyberChef and converting it from hex to ascii we get this output:

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project