Hi all, let’s pwn it!
You can find the machine there > CyberSploit 2
Let’s start always with nmap.
Decoding ROT47 - shell as shailendra
Website has some usernames/passwords:
We can see 2 weird strings -> D92:=6?5C2 - 4J36CDA=@:E` that’s ROT47 let’s decode them using cyberchef
D92:=6?5C2 -> shailendra
4J36CDA=@:E` -> cybersploit1
Tried them with SSH & i got in!
shailendra -> root
Now privesc is simple user is member of docker group:
Let’s get root shell:
Now let’s read the flag: