Thursday, July 30, 2020

THM: Get Smag Grotto

Hi all,

Today I will try to get Smag from THM:

I usually start with nmap:


Great, we have SSH and a web server on port 80.



So I am thinking directly of directory brute forcing:


We have a /mail directory here that I am going to explore:


Another step in this box, the pcap file:


Yes, you have to configure /etc/hosts:



That will give you access to the login page:

Log in with the credentials found in the pcap file:

So we have the possibility to run some system commands to get a shell:


After getting a shell I used the LinEnum script to enumerate the box, and I noticed:




So the authorized keys are copied from another file; we just have to check whether we have write permission on this file:


Nice, now it's a piece of cake: I generated the public and private keys with ssh-keygen,

then transferred the content via netcat to the server, and finally copied the public key into jake_id_rsa.pub.backup:
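
Seen from the admin side, the weakness used above is a key file that gets copied into authorized_keys while other users can write to it. A small audit for that, as an added example that is not from the original write-up; it assumes the copy is a cron-style `cat SRC > .../authorized_keys` line, and the paths, users and keys in the sample are constructed:

```shell
#!/bin/sh
# Added example (not from the write-up): flag files that get copied into an
# authorized_keys file while being writable by group or others.
# Assumption: the copy is a cron-style line of the form
#   <schedule> <user> cat SRC > /path/to/authorized_keys

# Print the SRC of every non-comment line that redirects into authorized_keys.
keys_sources() {
    grep -v '^[[:space:]]*#' "$1" |
    grep -E '>[[:space:]]*[^[:space:]]*authorized_keys' |
    sed -E 's/[[:space:]]*>>?[[:space:]]*[^[:space:]]*authorized_keys.*$//' |
    awk '{ print $NF }'
}

# Succeed when group or others hold write permission on the file.
loosely_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print one line per risky source file found in crontab-format file $1.
audit_crontab() {
    for src in $(keys_sources "$1"); do
        if [ -e "$src" ] && loosely_writable "$src"; then
            echo "$src"
        fi
    done
}

# Constructed sample: one unsafe source, one safe source, one commented-out job.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
echo 'ssh-ed25519 AAAA-constructed alice@example' > "$demo/alice.pub.backup"
echo 'ssh-ed25519 AAAA-constructed bob@example' > "$demo/bob.pub"
chmod 666 "$demo/alice.pub.backup"   # anyone can swap in their own key
chmod 644 "$demo/bob.pub"            # only the owner can change it
cat > "$demo/crontab" <<EOF
# * * * * * root cat $demo/alice.pub.backup > /home/old/.ssh/authorized_keys
* * * * * root /bin/cat $demo/alice.pub.backup > /home/alice/.ssh/authorized_keys
*/5 * * * * root cat $demo/bob.pub >/home/bob/.ssh/authorized_keys
17 * * * * root run-parts /etc/cron.hourly
EOF
audit_crontab "$demo/crontab"
```

Only the 666 file is reported; tightening it to owner-only write makes the report empty.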



Yes, I am in as the jake user:


Let's try sudo -l:





GTFOBins, that's all, we have root access.

I hope that you enjoyed reading my write-up; leave me a comment if you want.



Kind regards

 Abdel
