Thursday, May 8, 2014

[WALKTHROUGH] De-ICE S1-120

Here comes the S1-120 of the De-ICE series...

Well, I would say this is not that difficult, except that the part where we escalate to root privilege kept me wondering for some time...

Overall, I still enjoyed the hacking challenge this time :)

Let's start with a netdiscover to check out the IP address...

Usual practice RECON with Nmap...


Nmap with aggressive mode...


Let's check out the website...

Seems like this can be attacked using SQL injection...


Finding out using sqlmap...



The guess is CORRECT! Now we dump all the usernames and passwords into two separate files...

After that, hydra will do the work by breaking into the SSH service...


As per previous challenges, 'ccoffee' seems to be the staff since the very beginning...

So, let's try logging in using the 'ccoffee' account...


Now we got a shell on the target machine...

It seems that we can only run 'sudo' with the following file...but executing the file does not escalate our privilege to root... :(


Let's try to back up the original file before we proceed further...

Try creating a shell prompt with the same file name and changing the permissions to allow all...

IT WORKS! But we only get the shell with 'ccoffee' privilege...  (feeling depressed again...)


Let's check again at the allowable 'sudo' commands...

Perhaps we should just run 'sudo' with the full path of the file?

......... and we got the root shell! :)
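The root shell above was possible because the 'sudo' rule names a file that the unprivileged account is able to replace. As an added example (not part of the original walkthrough), here is a Python check an administrator could run to find such rules: it takes `sudo -l` output and reports every path component that a non-root account owns or can write to. The sample output, the user name 'demo', the path and the function names are constructed placeholders.

```python
import os
import re
import stat

# Constructed sample of `sudo -l` output; user and path are placeholders.
SAMPLE_SUDO_L = """\
User demo may run the following commands on this host:
    (root) NOPASSWD: /home/demo/scripts/task.sh
"""

def sudo_commands(sudo_l_output):
    """Return the absolute command paths named in the rule lines of `sudo -l`."""
    paths = []
    for line in sudo_l_output.splitlines():
        rule = re.match(r"\s*\([^)]*\)\s*(.*)", line)
        if not rule:
            continue
        for spec in rule.group(1).split(","):
            # Drop tags such as NOPASSWD: and keep the command, not its arguments.
            spec = re.sub(r"^(\s*[A-Z_]+:\s*)+", "", spec.strip())
            if spec.startswith("/"):
                paths.append(spec.split()[0])
    return paths

def replaceable_by_untrusted(path, trusted_uids=frozenset({0}), top="/"):
    """Return (component, reason) for each part of `path`, walking up to `top`,
    that an account outside `trusted_uids` could rewrite or swap out."""
    findings = []
    top = os.path.realpath(top)
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except FileNotFoundError:
            st = None  # nothing to inspect here; the parent decides who may create it
        if st is not None:
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if st.st_uid not in trusted_uids:
                findings.append((current, "owned by uid %d" % st.st_uid))
            elif loose and not sticky:
                findings.append((current, "group/other writable"))
        parent = os.path.dirname(current)
        if current == top or parent == current:
            return findings
        current = parent

if __name__ == "__main__":
    for cmd in sudo_commands(SAMPLE_SUDO_L):
        print(cmd, replaceable_by_untrusted(cmd))
```

Any finding means the rule effectively grants root to whoever controls that component; the fix is to point the rule at a root-owned file in a root-owned directory tree.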


Next thing to do is just to find the 'flagsss' this time... and I will leave it to you since there are too many files to be viewed...

# ls -laRh

This command will list out all the files recursively with human-readable file size... :)


Next challenge would be S1-130...
