Vulnhub hacksudo: 1 Walkthrough

https://www.vulnhub.com/entry/hacksudo-1,650/


Simple walkthrough.

Scan ports.

Scan port 80 and check each file's source code; nothing useful there.

Port 8080 is Tomcat, with default creds. Use msfconsole to get a reverse shell.

Now we are user tomcat.

Upload pspy64 and notice that user "hacksudo" runs /home/hacksudo/getmanager, which in turn calls /home/vishal/office/manage.sh.

We cannot modify manage.sh directly, but we have write permission on the /home/vishal/office folder.

Delete manage.sh and write reverse shell code into a new manage.sh.

Chmod manage.sh to 777 so that hacksudo has permission to run it.

After a while, we are user hacksudo.
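
Added example, not part of the original walkthrough: a Python audit check for the misconfiguration used above, where a script run by another account is itself read-only but sits in a directory that others can write to. The function names, the trusted-UID set and the temp-directory layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # conservative: any non-owner write bit

def replaceable_by_others(script, trusted_uids):
    """List (path, reason) where an untrusted account could alter or swap script."""
    path = os.path.realpath(script)
    st = os.stat(path)
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append((path, "file owned by untrusted uid"))
    if st.st_mode & LOOSE:
        findings.append((path, "file writable by group/other"))
    child = path
    while os.path.dirname(child) != child:
        parent = os.path.dirname(child)
        d = os.stat(parent)
        # Write access to a directory allows unlinking and recreating its
        # entries even when the file's own mode forbids writing to it.
        # The sticky bit limits that to the entry owner, dir owner and root.
        sticky_ok = bool(d.st_mode & stat.S_ISVTX) and \
            os.stat(child).st_uid in trusted_uids
        if d.st_uid not in trusted_uids:
            findings.append((parent, "directory owned by untrusted uid"))
        elif d.st_mode & LOOSE and not sticky_ok:
            findings.append((parent, "directory writable by group/other"))
        child = parent
    return findings

def demo():
    """Constructed layout: read-only manage.sh inside a 0777 office/ dir."""
    root = os.path.realpath(tempfile.mkdtemp())
    office = os.path.join(root, "office")
    os.mkdir(office)
    os.chmod(office, 0o777)
    script = os.path.join(office, "manage.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(script, 0o555)
    trusted = {0, os.getuid()}
    before = replaceable_by_others(script, trusted)
    os.chmod(office, 0o755)  # the fix: only the owner may change entries
    after = replaceable_by_others(script, trusted)
    return office, script, before, after

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the path of every script a scheduled job executes, with trusted_uids set to root plus the account the job runs as.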

Run sudo -l.

Use scp to get a shell.

BOOM!
