
This is an automated exploitation script for the Hack The Box machine *Titanic*. It extracts Gitea user hashes via LFI, assists in cracking them, and exploits an ImageMagick vulnerability (CVE-2024-41817) to gain root access via a malicious shared library.


maikneysm/AutoPwn-Titanic.htb


Titanic AutoPWN - HTB Machine

A full exploitation automation script for the Titanic HTB Linux machine on Hack The Box. Full write-up: WriteUp.md

📋 Description

It performs the following actions:

  • Phase 1: Retrieve and parse the gitea.db file via LFI to extract user hashes
  • Print the hashes in hashcat format to help crack the developer's password (PBKDF2-HMAC-SHA256)
  • Phase 2: Use cracked credentials to connect via SSH and exploit CVE-2024-41817 (ImageMagick) to gain root access via a malicious shared library

🚀 Usage

Step 1: Install dependencies

pip install -r requirements.txt

Step 2: Run Phase 1 (LFI + DB extraction)

python3 autopwn.py --phase 1

This will fetch the gitea.db and print hashcat-ready hashes for cracking.

Step 3: Run Phase 2 (SSH + PrivEsc)

After cracking the developer's password:

python3 autopwn.py --phase 2 --ssh-user developer --ssh-pass <cracked_password>

This phase uploads a malicious shared object and a dummy image to trigger identify_images.sh.

You will then:

  • Connect via SSH
  • Wait a few seconds for the cron job to process the image
  • Run bash -p to obtain a root shell
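
The Phase 2 flow above leaves two artifacts a defender can look for: a shared object sitting in the directory that the root cron job processes, and a setuid shell (`bash -p` only yields root when the shell binary is setuid). The following audit sketch is an added example, not part of this repository; the function names, shell paths and sample directory contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"
# ImageMagick configuration files that CVE-2024-41817 can also load from the CWD.
MAGICK_CONFIGS = {"delegates.xml", "policy.xml"}
# Assumed shell locations; adjust for the host being audited.
SHELLS = ("/bin/bash", "/usr/bin/bash", "/bin/sh", "/bin/dash")


def planted_files(directory):
    """Return names of ELF objects and ImageMagick configs found in directory."""
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            is_elf = fh.read(4) == ELF_MAGIC  # match on content, not file extension
        if is_elf or entry.name in MAGICK_CONFIGS:
            hits.append(entry.name)
    return sorted(hits)


def setuid_files(paths):
    """Return the existing paths that carry the setuid bit."""
    found = []
    for path in paths:
        try:
            if os.stat(path).st_mode & stat.S_ISUID:
                found.append(path)
        except FileNotFoundError:
            pass  # shell not installed at this location
    return found


def build_sample_dir():
    """Constructed sample: two images, one ELF-headed file, one config file."""
    d = tempfile.mkdtemp()
    samples = {"a.jpg": b"\xff\xd8\xff\xe0", "b.png": b"\x89PNG",
               "libexample.so.1": ELF_MAGIC + b"\x02\x01\x01",
               "delegates.xml": b"<delegatemap/>"}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    print("planted:", planted_files(build_sample_dir()))
    print("setuid shells:", setuid_files(SHELLS))
```

On a real host, point `planted_files` at the working directory of the image-processing job; an image folder should contain neither ELF objects nor ImageMagick configuration files.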

🧾 Requirements

  • Python 3.x
  • gcc (for compiling the malicious .so file)
  • Access to hashcat (external)
