Download the machine:
- Enumeration will lead to a open FTP server
- Get the zip file , crack the password and find the clue
- Robots text will indicate a hidden directory
- Use directory traversal to find the hidden directory that contains a password in the source code
- Enter the user check for SUID permissions
- Exploit the machine with polkit and gain root access
Run nmap scan to find for open ports.
Check the FTP server as anonymous.
Crack the password on the zip file.
Read the text.
Run a gobuster scan to find for hidden directories.
In the robots text file there is a hidden directory that looks like a command injection. Moreover the clue given seems we can search a drip folder. Lets use the index.php to set a command injection.
Source code shows a password.
Able to gain access into the thugger user.
Found the first flag.
Unable to find SUDO permissions. Check for SUID permissions.
Get the exploit from here.
Run the exploit.
Root user will be gained.
Final flag is found.
Leave a Reply