Windy's little blog

All the odds and ends of life, and I like CTF.

Vulnhub hacksudo:3 Walkthrough

https://www.vulnhub.com/entry/hacksudo-3,671/


Scanning port 80 turns up a lot of PHP files. Most of them are rabbit holes.



Fuzzing generator.php reveals a code injection.



Then we can upload a PHP shell and get a reverse shell.



In /var/www there is a file named "hacksudo" with an encrypted message in it.



It looks like ROT. Decrypt it with CyberChef.



Decrypt the password hash online to get the password of user "hacksudo".



Checking the groups shows that hacksudo is a member of the "lxd" group.



It's a classic privilege escalation through lxc and alpine. (steps skipped)
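From the hardening side, the finding above comes down to an ordinary user sitting in the "lxd" group. The following is an added example, not part of the original walkthrough: a small audit that lists every account in that group, counting both supplementary membership in /etc/group and primary-group membership via /etc/passwd. The function name and the sample file contents are constructed for illustration.

```python
"""Audit which local accounts are in the lxd group (added example)."""

# Constructed sample data in /etc/group and /etc/passwd format (not from the target VM).
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:admin
lxd:x:116:hacksudo,admin
www-data:x:33:
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000::/home/admin:/bin/bash
hacksudo:x:1001:1001::/home/hacksudo:/bin/bash
builder:x:1002:116::/home/builder:/bin/sh
www-data:x:33:33::/var/www:/usr/sbin/nologin
"""


def group_members(group_text, passwd_text, group_name="lxd"):
    """Return sorted account names that belong to group_name.

    Membership comes from two places: the member list in /etc/group
    (supplementary group) and the GID field in /etc/passwd (primary group).
    """
    gid = None
    members = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 4:
            continue  # skip comments and malformed entries
        if fields[0] == group_name:
            gid = fields[2]
            members.update(m for m in fields[3].split(",") if m)
    if gid is None:
        return []  # group does not exist on this host
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7:
            continue
        if fields[3] == gid:
            members.add(fields[0])  # primary-group member, not listed in /etc/group
    return sorted(members)


if __name__ == "__main__":
    # On a real host, pass the contents of /etc/group and /etc/passwd instead.
    for user in group_members(SAMPLE_GROUP, SAMPLE_PASSWD):
        print(f"review: {user} is in lxd (root-equivalent on hosts running LXD)")
```

Any account this reports should be treated like a sudoer: remove it from the group unless it genuinely administers containers.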


