sudo -l We can leverage this configuration to gain root access:
http://10.10.10.15/admin Indeed, we find a simple login form. After attempting some common credentials, we manage to log in using the username admin and password password123 . hack fish.io
Next, we visit the HTTP service running on port 80: sudo -l We can leverage this configuration to
We create a PHP reverse shell using a tool like msfvenom : However, upon inspecting the page source, we notice
After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password:
http://10.10.10.15 The webpage appears to be a simple website with a " Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment:
To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: