
0xdf.gitlab.io/2023/08/26/htb-onlyforyou.html
Preview meta tags from the 0xdf.gitlab.io website.
Linked Hostnames (21)
- 33 links to 0xdf.gitlab.io
- 4 links to neo4j.com
- 3 links to app.hackthebox.com
- 2 links to docs.python.org
- 2 links to github.com
- 2 links to pentester.land
- 2 links to www.youtube.com
- 2 links to youtube.com
Search Engine Appearance
HTB: OnlyForYou
OnlyForYou is about exploiting Python and Neo4J. I’ll start by exploiting a Flask website file disclosure vulnerability due to a misunderstanding of the os.path.join function to get the source for another site. In that source, I’ll identify a command injection vulnerability, and figure out how to bypass the filtering with a misunderstanding of the re.match function. Exploiting this returns a shell. I’ll pivot to the next user by abusing a Cypher Injection in Neo4J, and then escalate to root by exploiting an unsafe sudo rule with pip.
General Meta Tags (10)
- title: HTB: OnlyForYou | 0xdf hacks stuff
- name: HTB: OnlyForYou
- charset: utf-8
- X-UA-Compatible: IE=edge
- viewport: width=device-width, initial-scale=1
Open Graph Meta Tags (7)
- og:title: HTB: OnlyForYou
- og:locale: en_US
- og:description: OnlyForYou is about exploiting Python and Neo4J. I’ll start by exploiting a Flask website file disclosure vulnerability due to a misunderstanding of the os.path.join function to get the source for another site. In that source, I’ll identify a command injection vulnerability, and figure out how to bypass the filtering with a misunderstanding of the re.match function. Exploiting this returns a shell. I’ll pivot to the next user by abusing a Cypher Injection in Neo4J, and then escalate to root by exploiting an unsafe sudo rule with pip.
- og:url: https://0xdf.gitlab.io/2023/08/26/htb-onlyforyou.html
- og:site_name: 0xdf hacks stuff
Twitter Meta Tags (2)
- twitter:card: summary
- twitter:site: @0xdf_
Link Tags (11)
- alternate: https://0xdf.gitlab.io/feed.xml
- canonical: https://0xdf.gitlab.io/2023/08/26/htb-onlyforyou.html
- icon: /assets/icons/favicon-32x32.png
- icon: /assets/icons/favicon-16x16.png
- stylesheet: /assets/css/bootstrap-toc.min.css
Emails (1)
Links (63)
- https://0xdf.gitlab.io
- https://0xdf.gitlab.io/2022/10/08/htb-opensource.html#directory-traversal
- https://0xdf.gitlab.io/2023/08/26/htb-onlyforyou.html
- https://0xdf.gitlab.io/about
- https://0xdf.gitlab.io/cheatsheets