top of page
Image by Blake Cheek
  • Writer's pictureBeri Contraster

Photobomb - HackTheBox Walkthrough

Linux . Easy

Created by slartibartfast

Released on 08 Oct 2022

Welcome Reader, Today we'll hack Photobomb from HackTheBox. It's an easy Linux machine. Let's start with an Nmap scan.

Nmap Scan

A web server is running on Nginx 1.18.0. Going over to the web server redirects to the photobomb.htb let's add it to the /etc/hosts and refresh the site.

Nothing is interesting on the website except the "click here!" which redirects to a login prompt but we don't have the credentials yet. The credentials are stored in the welcome pack.

I found an interesting file on the website source page. It's always a good idea to take a look at the source page.

Let's take a look at the photobomb javascript file.

There are plain text credentials stored in this file that we can use to log in.

Command Injection

After logging in we are represented with this page where we can download the image to print. Let's fire up Burp and capture the request. I tried command injection and successfully achieved command execution.

The filetype is vulnerable to command injection. We confirmed it using the sleep command. Let's get a reverse shell.


We can use the following command. Don't forget to fire up the Netcat listener. We can use ctrl+u to URL encode our command.


We can run /opt/ as root and set new PATH variables. Let's take a look at the file contents.

The find does not use an absolute path we can do path hijacking and execute a malicious file named find. Let's create a file with the name "find" under /tmp.

Let's execute the file.

We are now root.

Thanks for reading. Happy Hacking :)

-- bericontraster

3 views0 comments

Recent Posts

See All


bottom of page