[Task 3] Blind Command Injection

  1. Ping the box with 10 packets. What is this command (without IP address)?

Access the site

Prepare attacker machine to accept for ping command

Back to attacker machine, success!!!

2. Redirect the box’s Linux Kernel Version to a file on the web server. What is the Linux Kernel Version?

I will get the reverse shell.

Prepare listener

Reverse shell reference:

Paste the command and submit.

Back to listener, now I have a shell

3. Enter “root” into the input and review the alert. What type of alert do you get?

4. Enter “www-data” into the input and review the alert. What type of alert do you get?

5. Enter your name into the input and review the alert. What type of alert do you get?

[Task 4] Active Command Injection

  1. What strange text file is in the website root directory?

2. How many non-root/non-service/non-daemon users are there?

The answer is zero.

3. What user is this app running as?

4. What is the user’s shell set as?

from #2

5. What version of Ubuntu is running?

6. Print out the MOTD. What favorite beverage is shown?

[Task 5] Get The Flag!

  1. Get the flag!

Import TTY shell

Sudo

SUID

Cronjob

Capabilities

After all of these, I’m hitting the wall. Looking at hint may help

No privesc!!! Maybe there’re hidden flag.

Lucky me!!!