The box starts with a command injection vulnerability due to a bad filetype regex. The privesc instead thanks to the SETENV permission of sudo allows me to run a script as root and hijack the relative path of the find command.
30 November, 2022 00:00 CET