Introduction

Are you ready to take the challenge?

Enumeration

Scan the machine, how many ports are open?

We always start scanning our IP to find open ports with NMAP.

The port 80 we got a regular Apache2 page:

On port 6379 we got:

What's is the database management system installed on the server?

What port is the database management system running on?

What's is the version of management system installed on the server?

Let's connect via telnet:

Exploitation

USER.TXT

Compromise the machine and locate user.txt

Let's upload a file to the server (this way we can run commands):

Let's run a cmd of reverse shell:

Let's grab the netcat:

Answer Hidden as per THM request - for more HELP 👉 TROLL ME

ROOT.TXT

Let's check for SUIDs:

What is the local user account password?

Let's exploit the XXD:

Now we will grab the /etc/passwd and /etc/shadow (with the XDD exploit) and run unshadow:

unshadow pass.txt shad.txt > hash.txt

After that we will use john to decrypt the hash:

john hash.txt

Escalate privileges and obtain root.txt

With the password we use to enter the vianka account, check the permissions, and cat the root flag:

Answer Hidden as per THM request - for more HELP 👉 TROLL ME