🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
Technical Summary: Gibbon LMS Arbitrary File Write to Pre-Auth RCE (CVE-2023-45878)
Target and Recon
Windows Domain Controller exposing: OpenSSH_for_Windows_8.1, 53, 88/464, 389/3268, 445 (NTLM disabled), 9389, httpd 2.4.58 (OpenSSL 3....
- Web: Arbitrary file write to RCE – Gibbon LMS (CVE-2023-45878)
- File updated: src/pentesting-web/file-upload/README.md
- What: A new subsection “Gibbon LMS arbitrary file write to pre-auth RCE (CVE-2023-45878)” documenting:
- Vulnerable endpoint: /Gibbon-LMS/modules/Rubrics/rubrics_visualise_saveAjax.php
- Parameters and format: img must be “[mime];[name],[base64]”, with path= and a dummy gibbonPersonID.
- Clear curl PoCs to write a file and drop a minimal php webshell, with whoami example and notes on how the handler base64-decodes and writes bytes wit...
- searchindex.js removed: This auto-generated file has been removed to prevent conflicts
🔧 Technical Details
Pre-auth arbitrary file write to RCE in Gibbon (CVE-2023-45878): Target modules/Rubrics/rubrics_visualise_saveAjax.php and POST img as [mime];[name],[base64] with any gibbonPersonID and path to a .php under the app root. The server base64-decodes and writes bytes without validation, enabling a webshell. Example img: image/png;foo,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Pz4= and pat...
🤖 Agent Actions
I’ve updated HackTricks with the key technical material from the blog and cross-linked the Kerberos-only environment notes into the most relevant network pentesting pages. Below are the changes implemented.
What I added
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
🗑️ File Cleanup
The searchindex.js file is automatically generated and should not be included in manual commits.
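
The validation that the handler described above is missing, sketched as an added example (not code from this PR, the blog post, or Gibbon). The function name `check_upload`, the image allow-list and the sample path are assumptions; the `img` value is the one quoted in the PR text.

```python
import base64
import binascii
import posixpath

# Allow-list for this sketch (an assumption, not Gibbon's own list).
IMAGE_MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}

# img value quoted in the PR text; the path value is constructed for this example.
PAGE_IMG = "image/png;foo,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Pz4="
CONSTRUCTED_PATH = "constructed-example.php"


def check_upload(img, path):
    """Return the reasons to reject a request; an empty list means it passes."""
    header, comma, b64 = img.partition(",")
    mime, semi, _name = header.partition(";")
    if not comma or not semi:
        return ["img is not in mime;name,base64 form"]
    try:
        data = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return ["payload is not valid base64"]
    reasons = []
    magic = IMAGE_MAGIC.get(mime.strip().lower())
    if magic is None:
        reasons.append("declared MIME type is not an allowed image type")
    elif not data.startswith(magic):
        reasons.append("decoded bytes do not match the declared MIME type")
    if b"<?php" in data.lower():
        reasons.append("decoded bytes contain a PHP open tag")
    # Normalise Windows separators too: the target in the PR is a Windows host.
    norm = posixpath.normpath(path.replace("\\", "/"))
    if norm == ".." or norm.startswith(("../", "/")) or ":" in norm:
        reasons.append("path escapes the upload directory")
    if posixpath.splitext(norm)[1].lower() not in ALLOWED_EXT:
        reasons.append("path extension is not an allowed image extension")
    return reasons


if __name__ == "__main__":
    for reason in check_upload(PAGE_IMG, CONSTRUCTED_PATH):
        print("reject:", reason)
```

The same checks can run over captured request bodies (for example from a WAF or reverse-proxy body log) to flag earlier requests to the endpoint.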