HackTheBox: Bashed - Web Shell Discovery & Cron Privilege Escalation
Introduction Bashed is a Linux machine on HackTheBox that demonstrates the dangers of leaving development tools exposed on production servers. We’ll discover an exposed web shell, then escalate privileges through sudo misconfigurations and a root cron job. Difficulty: Easy OS: Linux Skills: Web enumeration, sudo abuse, cron job exploitation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/bashed 10.129.2.11 Results: Port Service Version 80 HTTP Apache 2.4.18 (Ubuntu) Only one port open - this is a web-focused box. The page title mentions “Arrexel’s Development Site”. ...