Hi all, let’s pwn this box.
You can find the machine here: Seppuku
Let’s start as always with an nmap scan.
Let’s not waste more time. I did a lot of enumeration on every port and I found a wordlist under port 7601, let’s run
/w has a wordlist in http://$ip:7601/w/password.lst, let’s download it.
After some tries, I tried to SSH brute force with user seppuku & I got in!
Bingo! Let’s login.
Oh we’re into
We can easily bypass this using
Perfect, now we can see a password in the seppuku directory. We can try it for
We’re in. If we now run sudo -l we can see this.
But this file doesn’t exist, and only tanto can create it. After some enumeration I found tanto's SSH private key.
Note: Every time you log in as another user you have to do the vi trick to bypass
Perfect, now let’s create this file & add our payload to it.
Let’s go back to the samurai user & execute it.
Let’s read the flag now.
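
From the defender's side, the sudo rule above is the root cause: it lets samurai run, as root, a file that does not exist in a location another non-root user (tanto) can write. The audit below is an added example, not part of the original writeup. It handles only simple one-line user specs (no aliases or continuation lines), and the sample rule and its path are constructed because the page does not show the real entry.

```python
import os
import re
import stat

# Constructed sample rule; {base} is a placeholder directory, not the box's path.
SAMPLE_SUDOERS = "samurai ALL=(ALL) NOPASSWD: {base}/helper/run.sh arg\n"

def sudoers_commands(text):
    """Yield (user, command path) for absolute-path commands in simple user specs."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$", line)
        if not m or line.startswith("Defaults"):
            continue
        for cmd in m.group(2).split(","):
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)*", "", cmd).strip()  # drop NOPASSWD: etc.
            if cmd.startswith("/"):
                yield m.group(1), cmd.split()[0]

def audit_path(path, trusted_uids=frozenset({0})):
    """Return reasons a non-root user could create or replace a sudo-allowed path."""
    findings = []
    if not os.path.lexists(path):
        findings.append("missing")
    cur = path
    while True:  # check the target (if present) and every parent up to /
        if os.path.lexists(cur):
            st = os.lstat(cur)
            if st.st_uid not in trusted_uids:
                findings.append(f"owner uid {st.st_uid}: {cur}")
            writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            if writable and not stat.S_ISLNK(st.st_mode):
                findings.append(f"group/world-writable: {cur}")
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    return findings

if __name__ == "__main__":
    rules = SAMPLE_SUDOERS.format(base="/nonexistent-demo")
    for user, cmd in sudoers_commands(rules):
        print(user, cmd, audit_path(cmd))
```

Any finding on a sudo-allowed path means the rule should point at a root-owned file in a root-owned, non-writable directory, or be removed.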