🐧InfoSecPrep

192.168.129.89

Enumeration

Nmap scan

nmap -sV -p- 192.168.129.89 -A

Port 22

Port 80

Wpscan

wpscan  --url http://192.168.129.89:80/

Worpress Login Page : http://192.168.129.89/wp-login.php

Found Secret.txt through Robots.txt

The base64 decodes to a private id_rsa key.

Port 33060

Shell

Using the id_rsa key and the OSCP user name found on port 80. I get a shell.

Dropped Linpeas on this machine and ran.

Intersting bash binary that has suid but unable to get root privileges with it.

Root

Had to look at a hint.

Had tried to escalate privileges with /usr/bin/bash as I saw that it was had suid. But did not know about the -p that needed to be added.

Source : https://stackoverflow.com/questions/63689353/suid-binary-privilege-escalation

Template partially from 0xC0FFEE https://notes.benheater.com

PreviousDC-2 - unfinishedNextStapler

Last updated

Was this helpful?