Hello guys. I had a few weeks off the blog because i studied for eCPPT, took the exam, and i’m waiting right now for a feedback(if i passed or not).
This is a 5 minutes box. That’s how much it would take you to get root on it.
Let’s deploy the machine, and give it a scan. I also did a full range port scan just to be sure i don’t miss anything.
I tried to connect to telnet on port 23, using the login user pilot (which is also the codename we were given) and it successfully prompts a low privileged user shell as can be seen in the next image.
We read the user flag, and proceed to privilege escalation. Enumerating the system, one of the first commands i try is
sudo -l to see if i can run any service or other files as another user (usually hoping to be able to run it as root) and boom, we can run a file called busybox as root.
As you can see in the image above, we were able to read the root flag.
As i said, this is a 5 minutes box. I’ll also start posting on the blog more frequently since i finished the exam and freed my time.