HackTheBox - Pilgrimage Writeup
Pilgrimage is an easy Hack The Box Linux machine with a web app exposing a Git repository. Source code analysis reveals a vulnerable ImageMagick version, allowing arbitrary file read via a crafted PNG. This exposes a SQLite DB with SSH credentials. Privilege escalation is achieved by exploiting CVE-2022-4510 in a root-executed Binwalk script, resulting in root RCE.
November 25, 2023 1 min read CVE-2022-44268 CVE-2022-4510 git-dumper pngcrush exiftool binwalk pspy