infraProeasy

Воллхак (Wallhack)

hackerlab

Task: Pentest machine with web service for viewing tar archives. Solution: Tar symlink traversal attack to read SSH private key, then privilege escalation via sudo tar checkpoint-action (GTFOBins).

$ ls tags/ techniques/
flaskpath_traversalwerkzeugarbitrary_file_readgtfobinsprivilege_escalationtar_symlink_attackssh_key_theftsudo_tar
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub to continue. No email required.

$sign in

$ grep --similar

Similar writeups