Soccer HTB
First of all, I scanned the IP.

Here we find the SSH and HTTP ports open, and we don't have credentials to log into the SSH server.
Then I fuzz the URL to see which pages we can go into.
Then I add /tiny to the URL.
Then we find a login page, but we don't have credentials, so let's try to find the default credentials for that site.

Then I find that their repo on GitHub has a default password.

After logging in as admin, I find that I can upload files, so let's try to upload a PHP reverse shell.


It succeeds. Let's set up a listener and request the reverse shell from its URL.


Here we succeed and get into the machine, then stabilize the shell with:
python -c 'import pty;pty.spawn("/bin/bash")'
Let's try to enumerate the machine with linpeas.
I found that we have another subdomain; let's add it to /etc/hosts to reach it in the browser.

Here we get in, and this site provides services such as making tickets for a match.
Then I try for SQLi and search for a script to get the request in my terminal.

Then I try using multiple arguments with the sqlmap tool.


After we get the credentials, try to log in to the SSH server with them.

After that I can read the user.txt file and get the flag.

Then I run linpeas on the machine to enumerate it and find that I can write to the dstat directory, so let's look at it.

You can learn more about dstat here: https://linux.die.net/man/1/dstat

After searching, I find a script that leads to privilege escalation and a way to exploit it. I put it in its path and execute it with doas.
doas executes commands as other users according to the rules in the doas.conf configuration file. You can read about it at: https://man.openbsd.org/doas.conf.5
Here I finished and got the root flag.
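
The root step above depends on two things being true at once: a doas rule that allows running dstat as another user, and a dstat plugin directory that a non-root user can write to. An audit for that combination, as an added example that is not part of the original write-up; the plugin directories are the ones listed in dstat(1), and the /etc/doas.conf location and the function names are assumptions:

```shell
#!/bin/sh
# Added audit example; not part of the original write-up.

# Print "group-writable" / "world-writable" for DIR. The answer is read from the
# mode string of `ls -ld`, so it does not depend on which user runs the audit.
loose_write_bits() {
    _mode=$(ls -ld -- "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$_mode" ] || return 0          # missing directory: nothing to report
    case $_mode in ?????w*) echo "group-writable" ;; esac
    case $_mode in ????????w*) echo "world-writable" ;; esac
}

# Print each `permit` rule of a doas.conf-style file whose command is dstat.
# Rule layout per doas.conf(5):
#   permit|deny [options] identity [as target] [cmd command [args ...]]
# Rules with no `cmd` allow every command and need a separate review.
doas_rules_for_dstat() {
    awk '$1 == "permit" {
        for (i = 2; i < NF; i++)
            if ($i == "cmd" && $(i + 1) ~ /(^|\/)dstat$/) { print; break }
    }' "$1"
}

# audit DOAS_CONF DIR...: list matching doas rules, then loosely writable dirs.
audit() {
    _conf=$1; shift
    if [ -r "$_conf" ]; then
        doas_rules_for_dstat "$_conf" | sed 's/^/doas rule: /'
    fi
    for _dir in "$@"; do
        _flags=$(loose_write_bits "$_dir" | paste -sd, -)
        if [ -n "$_flags" ]; then
            echo "REVIEW $_dir ($_flags): $(ls -ld -- "$_dir")"
        fi
    done
}

# Plugin directories from the FILES section of dstat(1); /etc/doas.conf is assumed.
audit /etc/doas.conf "$HOME/.dstat" /usr/share/dstat /usr/local/share/dstat
```

Any REVIEW line printed together with a doas rule line is the condition to fix: make the directory root-owned and not group- or world-writable, or remove the rule.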