Crane#
Overview#
- OS: Linux
- IP: 192.168.192.146
- Difficulty: Intermediate
- Platform: OffSec
- OSCP: Yes
- Lists: N/A
Summary#
easy adminadmin and exploit rce privesc with sudo -l.
Loot#
| Loot | |
|---|---|
| Category | Details |
| Usernames | |
| Passwords | |
| Usernames+Passwords | |
| Hashes | |
| Service Versions |
Enumeration#
Nmap#
Dirbusting#
Port 80#
Web behavior was the main signal here, so I traced each response change before exploitation.
Exploitation#
Once the primitive was confirmed, I converted it into a stable foothold and chained it forward.
admin admin just let us in lol
found this cve for it
PrivESC#
Local enumeration exposed the misconfiguration, and the escalation path below was enough to move up.
interesting
and GTFO bins had one for this boom
