This article discusses the exploitation of vulnerabilities in a web application called “Chemistry CIF Analyzer” to gain unauthorized access and escalate privileges. The initial setup involves modifying the hosts file, scanning the target with tools like RustScan and Nmap, and identifying vulnerable components within the application. An arbitrary code execution vulnerability allows for a reverse shell, leading to user credential retrieval, with further escalation achieved through local file inclusion vulnerabilities and SSH certificate exploitation.
Affected: Chemistry CIF Analyzer, Target Domain, Ubuntu 20.04 (OpenSSH 8.2), Python Environment
Keypoints:
- Initial setup included modifying the hosts file to connect with the target domain.
- Port 22 (SSH) and port 5000 (HTTP) were identified through scanning.
- Web application “Chemistry CIF Analyzer” was found to accept .CIF files.
- Vulnerability in the pymatgen library allowed arbitrary code execution through crafted .CIF uploads.
- A reverse shell was successfully triggered using the upload feature of the application.
- User credentials were obtained by exploiting a database file.
- Privilege escalation was achieved via a Local File Inclusion vulnerability in the aiohttp library.
- Root access was achieved through SSH certificate exploitation.
Full Story: https://medium.com/@Retr0LoveLace/chemistry-hack-the-box-b3b6b91bd7bf?source=rss——cybersecurity-5