HackMyVm : Translator Writeup

 

Hackmyvm: Translator



OS: Debian
Web-Technology:

IP: 192.168.1.83

Flag:
⇒ user flag : REDUCTED
⇒ root flag : REDUCTED

USERS:
⇒ india
⇒ ocean

CREDENTIALS (ANY):
⇒ ocean : ayurv3d4

=========================================================================
NMAP RESULTS:
    22/tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)
    | ssh-hostkey:
    | 3072 08:cf:50:b2:4f:41:43:c4:66:56:ce:96:b9:04:8c:77 (RSA)
    | 256 40:b7:11:24:76:59:cd:e0:79:db:71:d1:39:29:d5:45 (ECDSA)
    |_ 256 44:64:ba:b8:52:4f:ca:00:dd:3e:c3:28:71:6f:77:76 (ED25519)
    80/tcp open http nginx 1.18.0
    |_http-server-header: nginx/1.18.0
    |_http-title: Site doesn't have a title (text/html).
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

=========================================================================
Web Enumeration:
⇒ Found that page is translating the text in atbash.

⇒ Output

⇒ Getting the shell using

⇒ Inputting that encoded string in input box and hit submit.



FILES: /www/data/
⇒ hvxivg

⇒ Atbash decoded

→ Password : ayurv3d4

=========================================================================
SSH: | ocean : ayurv3d4 |
→ Enumeration
⇒ sudo -l

⇒ Getting access to user India
⇒ Reference : https://gtfobins.github.io/gtfobins/choom/#sudo


=========================================================================
Enumeration: India
→ sudo -l

=========================================================================
PRIV-ESC:
⇒ Make a copy of /etc/passwd
⇒ Adding custome user in the duplicate /etc/passwd
⇒ Make password for custome user

 ⇒ User mrw added:

⇒ Using /usr/local/bin/trans translating our custome user file to /etc/passwd

⇒ Login as our customr added user “mrw”

⇒ Got the root
⇒ Reading root.txt











Comments

Post a Comment

Popular posts from this blog

HackMyVm : Hostname

Image
 HackMyVm : Hostname OS: Debian Web-Technology: IP: 192.168.1.154 USERS: → po CREDENTIALS (ANY): → po : !ts-bl4nk Flags: → user.txt : REDUCTED → root.txt : REDUCTED ========================================================================= NMAP RESULTS:      22 /tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)      | ssh-hostkey:      | 3072 27:71:24:58:d3:7c:b3:8a:7b:32:49:d1:c8:0b:4c:ba (RSA)      | 256 e2:30:67:38:7b:db:9a:86:21:01:3e:bf:0e:e7:4f:26 (ECDSA)      |_ 256 5d:78:c5:37:a8:58:dd:c4:b6:bd:ce:b5:ba:bf:53:dc (ED25519)      80 /tcp open http nginx 1.18.0      |_http-server-header: nginx/1.18.0      |_http-title: Panda      Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel ========================================================================= Web Services Enumeration: → Visited  http://192.168....
Read more

HackMyVm : Away

Image
 HackMyVm : Away OS: Debian Web-Technology: IP: 192.168.1.39 USERS: → lula → passphrase : Theclockisticking ========================================================================= NMAP RESULTS:      22 /tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)      | ssh-hostkey:      | 3072 f1:87:03:41:21:12:ef:80:3c:8f:07:2f:8b:3c:6e:2a (RSA)      | 256 5f:f9:ca:19:0d:74:65:2c:97:4a:36:a4:04:7c:9b:bd (ECDSA)      |_ 256 39:a4:b3:38:94:c5:d2:77:07:a1:dd:b4:2f:0a:5a:44 (ED25519)      80 /tcp open http nginx 1.18.0      |_http-title: Site doesn't have a title (text/html).      |_http-server-header: nginx/1.18.0      Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel ========================================================================= Web Services Enumeration: → Visited http://192.168.1.39 ⇒  ⇒ “tula” can be a ssh user....
Read more