The exploits weren’t super complicated, just a little fiddly, especially when trying to return a shell. I rated user a 3 for difficulty, and root a 4. You can also view this writeup in my Cybersecurity Notes repository. I used my new writeup converter tool to port this over to my site - give it a try! Revisiting the box really helped me analyse and be critical of my methodology the first time round, and I actually managed to pop a shell today using a certain method when I couldn’t a few months ago. I came back to this box to do the writeup after watching a couple of other videos and writeups on it, and found some nice alternative ways to do what I did originally. That’s because I didn’t use Obsidian when i did this box originally, and I went back and recaptured screenshots for this writeup. It was one of those boxes where everything running on the box felt like it had a reason to be there, and wasn’t just plopped onto it for the sake of having a CTF.Īs with other writeups, this may contain screenshots dated from after the box retired. Every part of the path felt super on-theme and it was really enjoyable. Finally, root involves exploiting sudo permissions on the msfconsole binary to gain a shell. From the kid user, we can escalate to the pwn user by exploiting a command injection vulnerability in a logging script designed to ‘hack back’ other hackers. This can be used to execute commands on the box as the kid user by uploading a malicious APK file. The website runs a number of Linux commands in the background, one of which makes use of an outdated metasploit library. This was a pretty easy but really fun box based on exploiting another hacker’s badly made website.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |