OSCP Notes

OnSystemShellDredd (easy)

PORT STATE SERVICE REASON
21/tcp open ftp syn-ack
61000/tcp open unknown syn-ack
Anonymous login enabled. Found .hannah directory.
id_rsa found.
Changed the permission of the file to 600 and logged in as hannah!
Ran the LinPeas.sh and found interesting SUID & SGID bits.
With the cpulimit binary's SUID permission, I was able to easily become root.
With mawk, I was able to read /etc/shadow, but I wasn't able to directly root the system with it. (I also tried to unshadow the password, but no luck here as well.)
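A defender-side check for the SUID finding above, added here as an example and not part of the original notes: it walks a tree, reports setuid/setgid regular files, and raises the severity for the two binaries named in these notes. The function names, severity labels and the default `/usr` root are assumptions made for the example.

```python
import os
import stat
import sys

# The two binaries these notes found setuid on the target. Neither needs the
# bit to do its job, and both act on caller-chosen input as the file owner.
WATCHLIST = {
    "cpulimit": "launches caller-chosen programs",
    "mawk": "reads caller-chosen files",
}


def classify(path, mode, uid):
    """Return a finding for a setuid/setgid regular file, or None."""
    if not stat.S_ISREG(mode):
        return None  # setgid on a directory only affects group inheritance
    bits = [n for n, flag in (("suid", stat.S_ISUID), ("sgid", stat.S_ISGID))
            if mode & flag]
    if not bits:
        return None
    reason = WATCHLIST.get(os.path.basename(path))
    if reason and "suid" in bits and uid == 0:
        severity = "critical"  # the setuid-root case described in the notes
    elif reason:
        severity = "high"
    else:
        severity = "review"  # e.g. passwd: compare with the distro baseline
    return {"path": path, "bits": bits, "owner_uid": uid, "severity": severity,
            "reason": reason or "not on watchlist",
            "fix": "chmod u-s,g-s " + path if reason else None}


def scan(root):
    """Walk root without following symlinks and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            hit = classify(path, st.st_mode, st.st_uid)
            if hit:
                findings.append(hit)
    return sorted(findings, key=lambda f: f["severity"])


if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f["severity"], ",".join(f["bits"]), f["path"], f["reason"])
```

Entries marked `review` are setuid files outside the watchlist; they carry no suggested fix because many of them (such as `passwd`) need the bit.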
Last modified 1yr ago