This is a classic Path Injection vulnerability.
In this blog post, we'll dive into the Red Failure machine on Hack The Box, a popular online platform for cybersecurity enthusiasts and professionals to practice their hacking skills in a safe and legal environment. Red Failure is a challenging machine that requires a combination of enumeration, exploitation, and privilege escalation skills. red failure htb
nmap -sC -sV -oA redfailure 10.10.11.XX
Get-ChildItem -Path C:\Users\Administrator\Desktop -Filter *flag* This is a classic Path Injection vulnerability
This yields a password hash. Using john or hashcat , we crack the hash to retrieve the plaintext credentials: admin:Sup3rS3cr3tP@ss . red failure htb
ssh -i id_rsa user@10.10.11.193