HackTheBox — Hawk Wrietup

Enumeration

we find a user called Daniel and a password as well

EXPLOITING DRUPAL

save as php code
and finally we get a shell

local ssh tunneling

now click on connect and you will enter h2 with database name zeus
we are ROOT!!!
contents of exploit.sh
we are root !!!!!

CONCLUSION

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ZeusCybersec

I am a Penetration Tester, Currently pursuing OSCP. Skilled in Network Pen-testing and Developing Hacking Tools using Python. YouTube-ZeusCybersec