On my path to learning offensive security, I worked this weekend on the Traceback VM on Hack The Box.
I know that it's still online, so I am just going to talk about my approach and what I have learned from this VM:
As always, I started the VM with nmap to look for the services running on the server, then I moved to the web page, where I looked at the page code and did directory fuzzing; a comment in the code helped me find the login page for the first account.
The second step, getting a shell as webadmin, was a piece of cake. As a habit, I ran the sudo -l command,
and it gave me the answer to get the user flag.
After validating this flag, I am now the sysadmin user. sudo -l gave nothing, since it needs a password to get a result, so I uploaded the LinEnum script to help me. I noticed some process that runs after every sleep 30, so I checked the file 00-header and tried to look for where the execution of this file shows up: yes, when we log in as sysadmin.
Great, I got the root flag after modifying the 00-header file, on the first try to log in as sysadmin.
(I forgot to mention the .ssh file; it will help you a lot.)