IClean (Medium) | Hack The Box

Products

Solutions for

Teams

Schools

Individuals

Products we offer

Courses & Certifications

Cyber Ranges

Enterprise Attack Simulations

Gamified Team Assessments

Workforce Exercises
new

Talent Sourcing

View all products for teams

Academy for Business

Build cybersecurity talent from within.

An interactive and guided skills development platform for corporate teams
looking to master offensive, defensive, and general security domains.

Read more

Start a free trial

Dedicated Labs

Deal with the latest attacks and cyber threats!

Ensure learning retention with hands-on skills development through a
growing collection of real-world scenarios in a dedicated team environment.

Read more

Start a free trial

Professional Labs

Assess an organization's security posture.

Assess and certify your team's skills and problem-solving abilities
with complex, realistic corporate scenarios.

Enterprise Labs

Cloud Labs

Get a demo

Capture The Flag

Where is your organization standing?

Benchmark your team capability and analyze skill gaps with engaging
competitions featuring market-leading cybersecurity content.

Host your private CTF

Get a demo

Crisis Control

AI-powered tabletops for executive and cyber teams

We are redefining traditional TTXs to fully measure and develop
organizational crisis readiness. See how your staff reacts under pressure
and protect the pivotal assets in your organization.

Book a call

Read more

Talent Search

Recruit and develop your next team member!

Source future talent directly from our 2.5M community of skilled
individuals and develop clear career paths.

Read more

Get a demo

Products we offer

Courses & Learning Paths

Hands-on Labs

Gamified Team Exercises

Industry Certifications

Programs

Student programs

Teacher programs

View all products for schools

HTB Academy

Start your cybersecurity journey.

From comprehensive beginner-level to advanced online courses covering
offensive, defensive, or general security domains.

Get a demo

Dedicated Labs

Deal with the latest attacks and cyber threats!

Ensure learning retention with hands-on skills development through a
growing collection of real-world scenarios in a dedicated classroom
environment.

Get a demo

Capture The Flag

Where is your classroom standing?

Benchmark your classroom capability and analyze skill gaps with
engaging competitions featuring market-leading cybersecurity content.

Host your private CTF

Industry Certifications

Create market-ready cybersecurity professionals.

Bridge the gap between education and the dynamic job market with
industry recognized certifications.

Get a demo

Student Programs

Student subscription.

Unlock 40+ courses on HTB Academy for $8/month. Kickstart your
cyber career from the fundamentals.

Start now

Teacher Programs

Classroom plans.

Access exclusive business features and training service by bringing HTB
to your classroom.

Get a demo

Products we offer

Courses & Learning Paths

Hands-on Labs

Gamified Hacking Events

Job Board
11+ jobs available

Industry Certifications

View all products for individuals

HTB Academy

Start your cybersecurity journey.

From comprehensive beginner-level to advanced online courses
covering offensive, defensive, or general security domains.

Get started for free

HTB Labs

Where real hackers level up!

An ever-expanding pool of labs with new scenarios released every week.

Hacking Labs

Defensive Labs

Red Teams Labs

Join now

Capture The Flag

Looking for a real gamified hacking experience?

Measure your skills in dynamic cybersecurity competitions.

HTB Seasons

Hacking Battlegrounds

Join a CTF event

Job Board

Land your first job in cyber.

Recruiters from the best companies worldwide are hiring through
Hack The Box.

Apply now

Industry Certifications

Become a market-ready cybersecurity professional.

Skyrocket your resume and land your dream job with industry recognized
certifications.

Start now
Solutions

Job Roles

Red Teams

Blue Teams

Purple Teams

Industries

Government

Finance

Manufacturing

Healthcare

Consulting

Use Cases

Technical onboarding and talent retention

Team capabilities benchmarking and gap analysis

Internal and external candidate assessment

Emerging threats and tactic response preparation

Code vulnerability and risk mitigation

Governance and compliance

Real-time breach and crisis simulation

Customer Stories

Toyota & Hack The Box: bridge the
knowledge gap between security and cloud.

View all customer stories
Pricing
Resources

Resource Hub

Educational resources for hackers, schools and teams.

Explore all resources

Discord Server

Join over 250K hackers interacting and learning.

Hang out

Community

Upcoming Events

Meetups

Forum

Affiliate Program

SME Program

Ambassador Program

Parrot OS

Get Help

Help Center

Contact Support

From the Blog

Memory dump analysis with Signal decryption

Read more articles

Industry Reports

New release: 2024 Cyber Attack Readiness Report 💥

We threw 58 enterprise-grade security challenges at 943 corporate
teams and 4,944 security professionals from different industries. Here's
what we learned based on their performance and future security trends.

Download your guide
Company

Company

About us

Careers

Social Impact

Brand Guidelines

Certificate Validation

Legal

Contact us

Press

Partners

Enterprise Sales

Connect

LinkedIn

X

Youtube

Facebook

Why Hack The Box?

Work @ Hack The Box

Join our mission to create a safer cyber world by making cybersecurity
training fun and accessible to everyone. No boundaries, no limitations.

View open jobs

Featured News

Access specialized courses with the HTB Academy Gold annual plan.

Read more news

Store

HTB Swag

Buy Gift Cards

Business

Start free trial

Our all-in-one cyber readiness platform free for 14 days

Get a demo

Get in touch with our team of experts for a tailored solution

IClean 596

RETIRED MACHINE

IClean

IClean - Linux

Linux

IClean - Medium

Medium

4.5

MACHINE RATING

4270

USER OWNS

4180

SYSTEM OWNS

06/04/2024

RELEASED

Created by LazyTitan33

Machine Synopsis

IClean is a medium-difficulty Linux machine featuring a website for a cleaning services company. The website contains a form where users can request a quote, which is found to be vulnerable to Cross-Site Scripting (XSS). This vulnerability is exploited to steal an admin cookie, which is then used to access the administrator dashboard. The page is vulnerable to Server-Side Template Injection (SSTI), allowing us to obtain a reverse shell on the box. Enumeration reveals database credentials, which are leveraged to gain access to the database, leading to the discovery of a user hash. Cracking this hash provides `SSH` access to the machine. The user’s mail mentions working with PDFs. By examining the `sudo` configuration, it is found that the user can run `qpdf` as `root`. This is leveraged to attach the `root` private key to a PDF, which is then used to gain privileged access to the machine.

Machine Matrix

Ready to start your
hacking journey?

Join Now