Pilgrimage Walkthrough | Hackthebox


Today I will go through the easy level HTB machine 🙂


As usual two ports are open 22 & 80 .

Add pilgrimage.htb to /etc/hosts .



While using dirb I found .git directory which is forbidden, so I thought to use git-dumper to analyze the source code.

Here is the link for the git-dumper tool : https://github.com/arthaud/git-dumper

This is dump all the .git repository from the website 🙂

While analyzing the files I found two interesting things

Location of DB ????

and magick version


There is a simple web interface with file upload, login and register …..

After analyzing I found that there is CVE related to majick version .



Clone this repo and run this exploit

python3 CVE-2022-44268.py --image imagetopoison.png --file-to-read /etc/passwd --output poisoned.png

And it worked perfectly fine.

Now upload the poisoned image.

Image uploaded successfully. Now copy the uploaded image url

Finally it worked. Now we have to read /var/db/pilgrimage that we found in our source code.

We have to make changes in script .

You will get this type of output

Just put it in a file .

After that

cat dump.sql| xxd -r -p - > sqlite.dump

Now analyze it with sqlite3 cmdline

You will get ssh pass for emily.



SSH Pass


After running pspy I found

After analyzing the .sh script I checked the binwalk version

And it was vulnerable to CVE-2022-4510


After this you will get binwalk_exploit.png ………. copy it to /var/www/pilgrimage.htb/shrunk dir

And don’t forget to start a listener 🙂

And Boom you will get the shell as root .

This was very easy machine.

Hope you enjoyed the writeup.


Overall this is a good machine . I would like to rate 5/10 compared to easy level.

Jai Shree Krishna ❤️

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site


Scroll to Top