AI write-up by limbernie

An excellent box with a pretty novel idea for SQL injection: Text-to-Speech and Speech Recognition.

https://hackso.me/ai-htb-walkthrough/

Cool

wow that’s a really cool way of doing it

Also a quick question about the way you got root.

I see you attached a debugger to the java program, but does that allow you to actually insert/modify code on the fly? If not I’m not sure I understand how you got your reverse shell to be triggered

Yes. that’s the feasibility of JDWP port

very good machine, i love the idea to spell the instructions hehe: D, but the real challenge is debug java

Why did “sudo -u#-1 vi” not work on the machine? Version 1.8.21p2-3ubuntu1.1 should be vulnerable.

Take it as another challenge and figure it out :wink:

I see it is a patched version by Ubuntu: USN-4154-1: Sudo vulnerability | Ubuntu security notices | Ubuntu And yes I have to look deeper next time…