Home / Writeups

Chemistry

Application discovery, CIF abuse, database inspection, and a forwarded dashboard path.

Hello. I’m Shrijesh Pokharel. Here is my Chemistry - HackTheBox writeup.

A network scan exposes ports 5000 and 22. The web app requires registration, and after clicking through to the next page I could download a CIF file for closer inspection.

I modified the CIF input and used the vulnerability path to obtain a shell as app@chemistry. From there I explored instance/database.db with SQLite, found user details, and cracked the password for rosa.

SSH access as rosa gave me the user flag. Later, linpeas highlighted an internal service on port 8080, so I forwarded it locally with SSH and inspected the dashboard from my browser.

That path led into a path-traversal style exploit against the local service, which exposed root.txt and completed the machine.

Key sequence: nmap -sC -sV → CIF inspection → shell as app → sqlite3 database.db → crack rosa → ssh rosa → ssh -L 8080 → path traversal

Back to writeups