Hacker

As usual we will start with the nmap scan and we notice ftp anonymous login allows and we found two files there will get these files and use the crack map exec to find the credentials once we are into the box by using the tar suid we will escalate the root privileges with all being said let begin

Lets scan the box with the nmap nmap -sC -sV -oN ip

We some open port’s FTP ( 21 ), SSH ( 22 ), HTTP ( 80 ) we can see that the anonymous ftp login’s are allowed let’s login as anonymous

We got the user name from tasks.txt let’s see whats on port HTTP 80 nothing find’s interesting. let’s start the gobuster to discover the directories gobuster dir -u (url) -w (wordlist) -o (outputfile)

As we have a valid user name let’s try to validate credentials with crack map

crackmap exec ssh ip -u user -p passlist

As we have a valid credentials let’s ssh into the box

we have a successful login. let’s check what permissions we have sudo -l the root user may run the /bin/tar

lets escalate to root user by using the tar sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

That’s all for today hope you like the box! HAVE A GREAT DAY