Writeup HackTheBox ScriptKiddle
under construction
tips
if you cant find exploit
if command, search result nothing.1
use exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection
download file into1
/usr/share/metasploit-framework/modules/exploits/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection.rb
github rapid7 metasploit_msfvenom_api_template_cmd_injection.rb
and run command in msf1
reload_all
echo redirect into file with permission but nothing write in it.
search about incorn
shell not work
Errors may occur at the same time, break down the steps, and verify one by one. You need to have an expectation before each step is executed, and observe side effects such as output. Try to run locally to find different places.
reference
exploit-file
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection.rb
rapid7
https://www.rapid7.com/db/modules/exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection/
exploit-db
https://www.exploit-db.com/exploits/49491
incorn
https://www.geeksforgeeks.org/incron-command-in-linux-with-examples/