mmckinnon/chirpy-starter
1
0
Fork 0
mirror of https://github.com/cotes2020/chirpy-starter.git synced 2025-04-21 11:53:27 +10:00
Code Issues Actions Packages Projects Releases Wiki Activity
chirpy-starter/_posts/2024-01-10-blurry.md
racc0x 6278b1b310 update-2025
2025-02-03 22:22:27 -06:00

97 lines
3.3 KiB
Markdown
Raw Blame History

---
title: HTB - Blurry
date: 2024-02-02 12:17:34 -0400
categories: [hackthebox , Blurry]
tags: [HackTheBox, CVE-2024-24590, ClearML, pickle files, pth files,artifact, API]
image:
path: /assets/img/post/blurry/Blurry.png
lqip: data:image/webp;base64,UklGRpoAAABXRUJQVlA4WAoAAAAQAAAADwAABwAAQUxQSDIAAAARL0AmbZurmr57yyIiqE8oiG0bejIYEQTgqiDA9vqnsUSI6H+oAERp2HZ65qP/VIAWAFZQOCBCAAAA8AEAnQEqEAAIAAVAfCWkAALp8sF8rgRgAP7o9FDvMCkMde9PK7euH5M1m6VWoDXf2FkP3BqV0ZYbO6NA/VFIAAAA
alt: Hack the Box - Blurry.
---
## Box Info
| Name | Blurry |
| :-------------------- | ---------------: |
| Release Date | 30 Mar, 2024 |
| OS | Linux |
| Rated Difficulty | Medium |
## **Enumeration**
```bash
nmap -p- --open --min-rate 5000 -sS -vvv -n -Pn 10.10.11.19 -oG allports
nmap -sCV -p 22,80 10.10.11.19 -oN targeted
```
![Image](/assets/img/post/blurry/0.png)
```bash
echo " 10.10.11.19 app.blurry.htb" | sudo tee -a /etc/hosts
```
## ClearML
![Image](/assets/img/post/blurry/1.png)
At this point, it is important to know what clear ML is and how it works.
After much searching and gathering information, I found that we can connect through a Python package called clearml-agent and create an environment.
During the research process, I found that clearml has a **`CVE-2024-24590: Pickle Load on Artifact Get`**.
## CVE-2024-24590
*ClearML involves the inherent insecurity of pickle files. We discovered that an attacker could create a pickle file containing arbitrary code and upload it as an artifact to a project via the API. When a user calls the get method within the Artifact class to download and load a file into memory, the pickle file is deserialized on their system, running any arbitrary code it contains.*
<https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/#The-Vulns>
![Image](/assets/img/post/blurry/3.png)
### Create credentials
To do this, we need to create new credentials to connect through clearml-agent, and to set up, we use the 'init' option.
![Image](/assets/img/post/blurry/4.png)
We press enter on the options and boom, we're connected.
![Image](/assets/img/post/blurry/5.png)
So once connected, we'll proceed to exploit the vulnerability.
![Image](/assets/img/post/blurry/6.png)
<https://clear.ml/docs/latest/docs/guides/reporting/using_artifacts/
<https://davidhamann.de/2020/04/05/exploiting-python-pickle/>
![Image](/assets/img/post/blurry/7.png)
## Privilege Escalation
### Sudo -l
Once **I had the reverse shell**, I continued with my enumeration and found a vulnerability with 'sudo -l
![Image](/assets/img/post/blurry/2.png)
I dug into the files and found that when executing /usr/bin/`evaluate_model`, it ran the `demo_model.pth`, which in turn executed the .py file located in `/models/`{: .filepath}. So, I modified the .py file to obtain a reverse shell.
![Image](/assets/img/post/blurry/8.png)
<https://www.revshells.com/>
But be careful, it runs with 'sudo' as it doesn't require a password to execute it, so we'll obtain a privileged reverse shell.
```bash
sudo evaluate_model /models/demo_model.pth
```
![Image](/assets/img/post/blurry/9.png)
With netcat listening the port 9001
![Image](/assets/img/post/blurry/10.png)
**`Root`**
![Image](/assets/img/post/blurry/11.png)
Reference in New Issue View Git Blame Copy Permalink