Welcome to the hackthebox write-up for SwagShop! This box was pretty interesting, and, for the fact that this was a prototype website for the actual hackthebox swag shop, it made more fun to play it. It was labeled as “Easy” box since you can get an initial shell/code execution by utilizing a public exploit. For a privilege escalation, it was also pretty straightforward that you only need to leverage a misconfigured sudo
privilege. Let’s get…