pentestmedium

Interpreter (Mirth Connect → f-string Injection)

hackthebox

Task: HackTheBox machine with Mirth Connect 4.4.0 healthcare integration engine. Solution: CVE-2023-43208 XStream deserialization for initial RCE as mirth user, then privilege escalation via Python f-string double eval injection in internal Flask service running as root, using chr() encoding to bypass regex filter.

$ ls tags/ techniques/

flask rce deserialization internal_service python_eval chr_encoding privesc mirth_connect cve-2023-43208 xstream fstring_injection hl7 healthcare regex_bypass

xstream_deserialization_rcefstring_double_evalchr_bypass_regexbase64_command_exfiltrationwget_post_file_exfilinternal_service_abusexml_injection_to_eval

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]