Tags/ Command Injection

Command Injection

8 writeups tagged with Command Injection

VHL — Mon02

Centreon IT monitoring platform on Red Hat. Default credentials lead to authenticated RCE via malicious poller command injection.

#Centreon#Default Creds#Command Injection

Feb 16, 2025Virtual Hacking Labs

WebEasyLinux

HTB — OpenAdmin

OpenNetAdmin 18.1.1 RCE via command injection in web console. Internal Apache vhost with SSH key in password-protected page for lateral movement.

#OpenNetAdmin#Command Injection#RCE

Jan 18, 2025HackTheBox

MiscMediumLinux

HTB — Mentor

SNMP v3 credential brute-force yields API secret. Command injection in backup API endpoint. PostgreSQL password enables lateral movement and sudo root.

#SNMP#Command Injection#API

Jan 15, 2025HackTheBox

WebEasyLinux

HTB — Sea

WonderCMS CVE-2023-41425 XSS to RCE via theme upload. Credential reuse for lateral movement. Port-forwarded internal tool for command injection privesc.

#WonderCMS#XSS#RCE

Jan 14, 2025HackTheBox

WebEasyLinux

HTB — CozyHosting

Spring Boot Actuator exposes session cookies. Hijacked admin session to exploit command injection in SSH endpoint for reverse shell.

#Spring Boot#Actuator#Command Injection

Nov 26, 2024HackTheBox

WebEasyLinux

HTB — Sau

Maltrail 0.53 SSRF on a request-basket service. CVE-2023-27163 chained to unauthenticated OS command injection for initial access, sudo privesc.

#SSRF#Command Injection#CVE-2023-27163

Nov 19, 2024HackTheBox

WebMediumLinux

HTB — Sense

pfSense 2.1.3 authenticated command injection (CVE-2014-4688). Credentials found via directory fuzzing on the web interface.

#pfSense#Command Injection#CVE-2014-4688

Mar 29, 2022HackTheBox

WebMediumLinux

HTB — Cronos

DNS zone transfer reveals hidden vhosts. SQL injection login bypass, OS command injection for shell, cron privesc.

#DNS#SQLi#Command Injection

Mar 27, 2022HackTheBox