OnSystemShellDredd (easy)
anonymous login enabled. Found .hannah directory.
id_rsa found.
changed the permission of the file to 600 and logged in as hannah!
Ran the LinPeas.sh and found interesting SUID & SGID bits
With cpulimit binary's SUID permission, I was able to easily become root.
https://gtfobins.github.io/gtfobins/cpulimit/
with mawk, I was able to read /etc/shadow but I wasn't able to directory root the system with it. (I also tried to unshadow the password, but no luck here as well)
Last updated