symphony2colour/era-htb-rce

📌 Description

This Python script demonstrates a full exploitation chain for the Era machine on Hack The Box. It performs:

  • User login as yuri
  • Reset of the admin account’s security questions
  • Login as admin via security bypass
  • Enumeration of available file IDs
  • File upload (if no files were found on the server)
  • Triggering remote code execution via a misused ssh2.exec handler
  • Optional automatic listener launch via nc

⚠️ Prerequisites

  • HTB VPN connected
  • http://file.era.htb added to /etc/hosts:
  • Python 3.7+
  • Required tools:
      • curl (only for testing)
      • nc (netcat) for reverse shell
      • requests module (should be pre-installed)

🛠️ Usage

python3 era_rce.py <your-IP> <your-port>

If you want to skip the automatic listener:

  • Start netcat yourself: nc -lvnp 5050
  • Run the script with --no-listen: python3 era_rce.py 10.10.14.60 5050 --no-listen
