Windy's little blog

一切生活中的杂七杂八, and I like CTF.

Vulnhub ColddWorld: Immersion Walkthrough

https://www.vulnhub.com/entry/colddworld-immersion,668/


easy one.


Scan port 80.

图片.png


Find a login page at /login.

图片.png


Check source code, find a hint. From the hint, we know username and maybe the page has LFI.

Check LFI with burpsuite.

图片.png


Get carls.txt, decode base64 get ssh password.

Ssh in as carls, sudo to user carlos.

图片.png


Check sudo, we can run DoNotRun.py at home folder.

Although we do not have write permission of the file, but we have write permission of fold /home/c0ldd.

So we can del the file, and create a new file with shell code.

Here is a trick. Take care the file name.


图片.png


发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.7.0