Hack The Box :: Shocker
Published in
2 min readMay 2, 2020
ShellShock | Sudo
Run nmap
Since the name suggested it might be related to shellshock lets try to find some cgi script that we can target.
And we find one. Finding an exploit in searchsploit.
Lets try the highlighted one…
And we get a user shell. Lets do some recon to see any issues leading to root
Clearly that is not difficult to do. Spawning a bash shell using sudo perl
And we have root !