00:00 Used Techniques: Password Cracking | RCE | SUID Exploit | OS Type: Linux
00:10 Port scanning via nmap
00:32 Scanning potential website pages with Gobuster
01:23 Searching vulnerabilities with Searchsploit and executing an RCE.
01:49 Converting DOS format to UNIX with dos2unix
02:12 Enumerating OpenNetAdmin files to find credentials
04:06 SSH access to the box with jimmy's account
04:41 Enumerating the box with linPEAS to find more vulnerabilities
07:29 Finding internal website to extract RSA key of joanna's account
08:19 Cracking the RSA key with John
08:53 SSH access to joanna's account
09:39 Checking GTFObins to escape out from restricted 'nano' shell
09:58 Reading the root flag

свернуть