XPATH
OFFSEC - Proving Grounds - WHEELS
·1818 words·9 mins
OFFSEC PG PRACTICE
XPATH
HASHCAT
Wheels CarService website on port 80 has XPATH injection vulnerability which leads to gaining credentials for initial access. SUID on a binary with path traversal vulnerability to dump /etc/shadow. Crack hash with hashcat to gain root.