HackTheBox: Shocker - Shellshock Exploitation & Perl Sudo Privesc
Introduction Shocker is a Linux machine on HackTheBox that teaches the infamous Shellshock vulnerability (CVE-2014-6271). The box name itself is a hint at the attack vector. We’ll exploit a vulnerable CGI script to gain initial access, then abuse sudo permissions on Perl to escalate to root. Difficulty: Easy OS: Linux Skills: CGI enumeration, Shellshock exploitation, sudo abuse Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/shocker 10.129.2.16 Port Service Version 80 HTTP Apache 2.4.18 (Ubuntu) 2222 SSH OpenSSH 7.2p2 Two ports open. SSH on a non-standard port (2222 instead of 22) and Apache web server. ...