Toppo machine — Walkthrough
Hi guys, this is the ninth day and ninth box (9D-9B for my personal reference). I will be trying to complete at least one box per day (if could two or more) so I could gain my confidence, learn new knowledge, and prepare for OSCP.
Wish me luck!
So, today I would like to work on Toppo machine, which is from VulnHub. Let’s get started!
################################################################ — — — — — — — — — Please read to the end! Thank you! — — — — — — — — —
################################################################
Enumeration
Nmap
Port 80 — HTTP
There is nothing here so we can run Gobuster.
Gobuster
There is a few results here, lets check one by one.
/admin
notes.txt
Looks great, we have a password!
/img
contact_me.php
/manual
/LICENSE
/package.json
SSH!
After a long time searching for clues, and I suddenly realized the username should be ted. It is literally on the password…
getting linpeas from our machine.
To root!
After a moment, we can start to check the results. The most obvious to me is this orange highlighted SUID.
Now check on GTFO.
We can try to paste it in and work around the commands and it works!
Now getting the flag.
Indeed this is a very easy room as from the box description.
Thank you for reading my write-up. I would like to improve my write-up skills in the future and can reach me through Twitter or comments. Any sponsors also welcomed.
Twitter: https://twitter.com/curse_jk
Buy me coffee:http://buymeacoffee.com/Cursemagic
Other medium write-ups: https://cursemagic.medium.com
