Craft — HackTheBox

Summary

Reconnaissance

Original contents of dbtest.py
Modified sql parameter and changed cursor.fetchone() to cursor.fetchall()
Extra sets of credentials after running dbtest.py

Privilege Escalation

script on gilfoyle’s repository
Password will be ‘b6db24c6-d65f-24cc-4c07-e7b06e283d5a’.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store