Soccer htb
Last updated
Last updated
First of all i have scan the ip
Here we find ssh and http port open & we don’t have credential to log into ssh server
then i am going to fuzz the url to show which sites we can go into
then i am goin to add /tiny to the url
then we found login page but we don’t have cred let’s try to find default credential for that site
then i find that in their repo in github have a default passowrd
after login as admin i find that i can upload files let’s try to upload php reverse shell
it’s success let’s try to make listener and try to order the reverse shell from url
here we success and get into machine then make shell stability with : python -c 'import pty;pty.spawn("/bin/bash")'
let’s try to enumerate the machine with linpeas
i found that we have another subdomain lets add it to /etc/hosts to get it in browser
here we get into and this site provide services such as make tickets for match
then i try to get sqli and search for script to get the request in my terminal
then i try to use multiple argument with sqlmap tool
after we get cred try to log in ssh server with this credential
after that i can read user.txt file and get flag
then i run linpeas in machine to make enumeration and get that i can write in dstat directory then lets show it
after search i find that script that lead to privilege techniques and way to exploit it - i put it in his path and execute it with doas
here i finished and get root flag
you can know more than about dstat here :
**doas it executes commands as other users according to the rules in the doas.conf configuration file you can know about it in :**
