# Soccer HTB

* **First, I scanned the IP**

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FXJPjIw6qugX3FV3yUQI4%2F1_x2aB0PXN9nRrmnzwJBnlMg.png?alt=media\&token=d3a70a9d-a514-4d33-b370-57091e720313)
* **Here we find the SSH and HTTP ports open, and we don’t have credentials to log in to the SSH server**
* **Then I fuzz the URL to see which pages we can reach**
* **Then I add /tiny to the URL**
* Then we find a login page, but we don’t have credentials, so let’s look for the default credentials for that site

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FBSJA0DeOjNTT7JNEDoKM%2F1_SBiXAp-TG3hFV4xRxlTQNQ.webp?alt=media\&token=29950e14-2597-4112-be6f-b4793ada5aad)

  * **Then I find that their GitHub repo has a default password**

  <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FWil2DzT59ywHbgitBnfp%2F1_DLJkAWvY6jN87xUCHAgpUA.webp?alt=media&#x26;token=a819715e-d08b-4d89-bc79-1fd47bad990c" alt=""><figcaption></figcaption></figure>
* **After logging in as admin, I find that I can upload files, so let’s try to upload a PHP reverse shell**

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FFLxkt4FID9TOowsjyWCQ%2F1_Rdodt0J-3JE_0Bi_UZrKuA.webp?alt=media\&token=2af04214-4143-4f01-86be-d7e6adea45c0)

  ![](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/a7435696-0810-4bcc-8765-b0fc872a8eb4/Annotation_2023-03-25_144306.png)

  * It succeeds, so let’s start a listener and request the reverse shell from the URL

![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FiXoXHaRGzct4Pi98grfp%2F1_rzTKkOowso7UdHPSsqoJLg.png?alt=media\&token=ed2ebb45-b790-48f9-b0f3-6e794f7ef24a)

<figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FvyxlfG5OY4xK0IWqZHwF%2F1_87BxGaYvx3L80-MGHyWIjQ.webp?alt=media&#x26;token=9421e5ea-2b08-4159-bea0-2b64bb3ca480" alt=""><figcaption></figcaption></figure>

* **Here we succeed and get into the machine, then stabilize the shell with: `python -c 'import pty;pty.spawn("/bin/bash")'`**
* **Let’s try to enumerate the machine with linpeas**
* **I found that there is another subdomain, so let’s add it to /etc/hosts to open it in the browser**

![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2F9V78KY69Qo2rJTSyWfik%2F1_ZKhQ2ZUP_zrNQYqjm1XRsw.webp?alt=media\&token=65c4fd71-971e-40b3-9d20-618eaac54855)

* **Here we get in; this site provides services such as creating tickets for a match**
* **Then I try to find SQLi and search for a script to get the request in my terminal**

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2F5TF4usPclgnI2n19HQ8k%2F1_ElbjG1GlOn7WjyvoyLkEJQ.webp?alt=media\&token=119ba5ff-a994-43d1-95fd-a6d79d852395)
* **Then I try multiple arguments with the sqlmap tool**

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FDEO5p0zPC3xREL3DDgmp%2F1_9vf4XwajA58HcZxpWqH0Yw.webp?alt=media\&token=25c38b5e-5250-4d01-a8bf-3db39c0f039c)

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FvIPOnPEA7o2DYW7AWccY%2F1_FpAKjhcgtLf3gBbRmkrKXg.webp?alt=media\&token=7f0fed73-f607-43d5-8771-f2e9f73ad40f)
* **After we get credentials, try to log in to the SSH server with them**

  ![](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b06c0906-e770-408b-ab66-f9f5b792e508/Annotation_2023-03-25_165048.png)

  * **After that I can read the user.txt file and get the flag**

    ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FqykyIws32mv75w3cm84V%2F1_JvtNkjvhL8z_ykAJy6xrlQ.webp?alt=media\&token=5b6de041-93be-43d6-866d-4aaa2a3b9ca0)
* **Then I run linpeas on the machine for enumeration and find that I can write to the dstat directory, so let’s look at it**

<figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FIaIsrSTBREiMN4yjCLYm%2F1_U6yXU4mnNVE6QBOFWZ-vsg.webp?alt=media&#x26;token=ae9e0cdd-bb2f-4a05-8111-afe911a1fc1e" alt=""><figcaption></figcaption></figure>

* You can read more about dstat here: <https://linux.die.net/man/1/dstat>

  ![](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9e8c716d-1f48-42ff-966e-7d0368af36d7/Annotation_2023-03-26_092721.png)
* After searching, I found a script that leads to privilege escalation and a way to exploit it. I put it in its path and executed it with **`doas`**
* **`doas` executes commands as other users according to the rules in the `doas.conf` configuration file. You can read about it at:** <https://man.openbsd.org/doas.conf.5>

  ![](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FEMe0URCsMrudKNUPnKqC%2F1_IhwoIXcRgBnRp2dZBSLysg.webp?alt=media\&token=abddc50e-8114-4420-97d4-32bf7729525e)

  * **Here I finished and got the root flag**
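
An added audit sketch (not part of the original write-up) for the misconfiguration described above: it parses `doas.conf`-style rules and flags permitted commands whose plugin directories can be written by someone other than root. The sample rules, the user name `alice` and the helper names are constructed for illustration; the two dstat plugin directories are the system-wide ones listed in the dstat man page.

```python
import os
import stat

# Constructed sample in doas.conf syntax (not copied from the target machine).
SAMPLE_DOAS_CONF = """\
permit nopass alice as root cmd /usr/bin/dstat
permit persist :wheel
deny guest
"""
OPTIONS = {"nopass", "nolog", "persist", "keepenv"}
# System-wide directories dstat loads dstat_*.py plugins from (per its man page).
PLUGIN_DIRS = {"dstat": ["/usr/share/dstat", "/usr/local/share/dstat"]}

def parse_doas_rules(text):
    """Parse permit/deny lines into dicts; setenv { ... } blocks are not handled."""
    rules = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] not in ("permit", "deny"):
            continue
        action, rest, opts = tok[0], tok[1:], set()
        while len(rest) > 1 and rest[0] in OPTIONS:
            opts.add(rest.pop(0))
        rule = {"action": action, "options": opts, "identity": rest[0],
                "target": None, "cmd": None}  # target None means any user
        rest = rest[1:]
        if rest[:1] == ["as"] and len(rest) > 1:
            rule["target"], rest = rest[1], rest[2:]
        if rest[:1] == ["cmd"] and len(rest) > 1:
            rule["cmd"] = rest[1]
        rules.append(rule)
    return rules

def writable_by_untrusted(path, trusted_uid=0):
    """True if the directory is not owned by trusted_uid or is group/other writable."""
    if not os.path.isdir(path):
        return False  # missing directory: nothing to write into
    st = os.stat(path)
    return st.st_uid != trusted_uid or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(conf_text, plugin_dirs=PLUGIN_DIRS, trusted_uid=0):
    """Return (identity, cmd, directory) for root-capable rules with writable plugin dirs."""
    findings = []
    for r in parse_doas_rules(conf_text):
        if r["action"] == "permit" and r["cmd"] and r["target"] in (None, "root"):
            for d in plugin_dirs.get(os.path.basename(r["cmd"]), []):
                if writable_by_untrusted(d, trusted_uid):
                    findings.append((r["identity"], r["cmd"], d))
    return findings
```

Run `audit(open("/etc/doas.conf").read())` on a host to list the rules worth fixing; the group-writable test is deliberately conservative and flags any group write bit, even for a root-only group.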
