This is a walkthrough of the Hack The Box machine called “Reset”. It features the use of Burp Suite to analyze a website password reset, then deliver a payload by injecting it into the Apache2 access.log of the server, then we escalate our privileges by abusing rlogin and tmux . I learned a lot tackling this one, I don’t agree with the easy rating. ***SPOILERS*** I show you how to pwn the box, so if you don’t want help with it do not watch this video. Hope this helps someone and I hope you enjoy.
Hack the Box Walkthrough – Reset
