Hi all, I really hate this type of box, but anyway let's pwn it!
You can find the machine here: CyberSploit
Enumeration/Reconnaissance
Let's always start with nmap.
If we check the page source code, we can see this comment: <!-------------username:itsskv--------------------->
Probably a system user. Then I always check /robots.txt; there, a base64 string exists, so let's decode it.
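A site owner can catch both leaks described above (an account name in an HTML comment and a base64 string in /robots.txt) before deployment. The audit below is an added example, not part of the original write-up; the robots.txt value is constructed, and the function names and sample site are assumptions.

```python
import base64
import binascii
import re

# HTML comments; the box's comment pads the content with extra dashes
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# key:value or key=value pairs whose key suggests an account or secret
CRED_RE = re.compile(
    r"\b(user(?:name)?|login|pass(?:word|wd)?|secret|token)\s*[:=]\s*([^\s-]+)", re.I)
# standalone runs of base64 alphabet long enough to be worth decoding
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")

def decode_if_text(token):
    """Return the decoded text if token is valid base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("ascii", errors="ignore")
    return text if text and len(text) == len(raw) and text.isprintable() else None

def audit(path, body):
    """Flag credential-like pairs in HTML comments and base64 that decodes to text."""
    findings = []
    for comment in COMMENT_RE.findall(body):
        for key, value in CRED_RE.findall(comment):
            findings.append((path, "comment-credential", f"{key.lower()}={value}"))
    for token in B64_RE.findall(body):
        decoded = decode_if_text(token)
        if decoded:
            findings.append((path, "base64-text", decoded))
    return findings

# Constructed sample site: the comment is the one quoted in the write-up,
# the robots.txt token is a made-up value encoded here for the demo.
SAMPLE_SITE = {
    "/index.html": "<html><body><h1>Welcome</h1>\n"
                   "<!-------------username:itsskv--------------------->\n"
                   "</body></html>",
    "/robots.txt": "User-agent: *\n"
                   + base64.b64encode(b"constructed{not-a-real-flag}").decode() + "\n",
}

if __name__ == "__main__":
    for path, body in SAMPLE_SITE.items():
        for finding in audit(path, body):
            print(finding)
```

Run over the files that will be published, this fails a build when a comment or robots.txt carries something an unauthenticated visitor should not be able to read.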
Shell as itsskv
After this I tried a ton of stuff: brute force with a custom wordlist with cewl, a custom wordlist with john, brute force with rockyou.txt, nothing. Then I had a crazy idea to try cybersploit{youtube.com/c/cybersploit} as the password and it worked. LOL
The second flag:
Exploiting old kernel version
Now privesc to root, which is a kernel exploit. Let's check the kernel version:
Seems really old, let’s search for possible exploits.
Seems good, let's mirror it and transfer it to the target box.
Now let's wget it to the target box and compile it.
Let’s read the final flag:
Big meme box.