Persecure : my learning archive

, ,

Gallery CTF

https://tryhackme.com/room/gallery666

Run sudo nmap to find for open ports.

Head to the the http site and do a searchploit on simple image.

https://www.exploit-db.com/exploits/50214 and download the exploit.

https://www.revshells.com/ to generate a payload.

Start a nc listener.

Add in your attacking machine IP , choose bin/sh and URL encode the payload.

Start the netcat listener

10.10.114.4/gallery/uploads/1649333580_TagodtjpedudxlgraadLetta.php?cmd= <<PASTE PAYLOAD>>

Shell is gained.

Once connected , change to the python shell and restart the shell.

cat the initialize.php to find some database info

Search the userdatabase and find the hash password for the admin.

Download Linpeas to the victim machine via python server form your machin.

Run linpeas

Found a password – b3stpassw0rdbr0xx

Change user to mike and enter the password found on linpeas.

Found the first flag

Cat the file and the we are allowed to use sudo.

Head to gtfobins to find a nano exploit.

Run sudo nano on the rootkit.sh ^R and ^X and then type reset; sh 1>&0 2>&0 and root access is gained.

The final flag is obtained.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: