The first step is exploiting a vulnerability in the source code of a Python application to read a local file (LFI). This reveals another misconfiguration, which allows us to bypass regex verification and achieve remote code execution. We then use cypher injection to get the user flag. Finally, we exploit Python pip download vulnerabilities to escalate to root.

On Investigation we exploit an exiftool vulnerability from file upload that allow command execution and to gain a reverse shell. Next we get credentials for one user from a mail text message. Finally, for root we have to do a little bit of binary exploitation using ghidra.

Today we’re exploiting Photobomb one the easiest machine on HackTheBox. We’ll perform a command injection to gain a reverse shell on the box and exploit a script using path variables.