Windy's little blog

一切生活中的杂七杂八, and I like CTF.

Vulnhub hacksudo: 1 Walkthough

https://www.vulnhub.com/entry/hacksudo-1,650/


Simple walkthrough.

Scan ports.

图片.png


Scan port 80, check each file's source code, but nothing useful.

图片.png


Port 8080 is tomcat, with default creds. Use msfconsole to get reverse shell.

图片.png


Now we are user tomcat.

图片.png


Upload pspy64, notice that user "hacksudo" runs /home/hacksudo/getmanager, which in turn calls /home/vishal/office/manage.sh.

图片.png


We can not modity manage.sh directly, but we have write permissions for /home/vishal/office folder.

图片.png


Del manage.sh, write reverse shell code into a new manage.sh.

图片.png


Chmod 777 to manage.sh, in order to give hacksudo permission to run.

图片.png


After a while, we are user hacksudo.

图片.png


Sudo -l.

图片.png


Use scp to get shell.

图片.png


BOOM!

hacksudo_screenshot.png


发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.7.0