unknowndevice64: 1 walkthrough
use nmap to do a port scan
nmap -p 1-65535 -T4 -A -v 192.168.227.157
check its http service (port 31337)
download key_is_h1dd3n.jpg, check it with binwalk and exiftool but get nothing. try whether something is hidden in it with steganography.
extract a h1dd3n.txt using the key “h1dd3n”
the content of txt seems to be brainfuck, decode it here: https://www.splitbrain.org/_static/ook/
looks like a pair of credentials. username: ud64, password: 1M!#64@ud
log in to its sshd service (port 1337)
the shell is restricted, hit TAB twice to see the commands I am allowed to execute.
vi is always our best friend for escaping a restricted shell environment.
vi -> !/bin/bash -> escaped.
sysud64 is just strace. google “strace suid local privilege escalation” and get this:
sudo strace -o/dev/null /bin/bash
write a C program:
compile it, then
sudo strace chown root:root test
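
The last steps rely on a tracer that sudo will run, which the walkthrough identifies as strace under the name sysud64. From the defender's side, an added example (not part of the original walkthrough) that compares sudo-allowed binaries byte-for-byte with reference copies of tools able to launch arbitrary programs; the tool list, function names and sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: flag sudo-allowed binaries that are, by name or by content,
# tools able to start an arbitrary program (and therefore a root shell).

# Assumed watch list; extend it to match local policy.
ESCAPE_TOOLS="strace ltrace gdb vi vim"

# find_escape_tools REFDIR CMD...
#   REFDIR: directory with trusted reference copies of the watched tools
#   CMD:    path taken from the command field of a sudoers rule
# Prints "CMD is TOOL" for each match. A byte-for-byte comparison catches a
# copy installed under a different file name, which a name check alone misses.
find_escape_tools() {
    refdir=$1
    shift
    for cmd in "$@"; do
        [ -f "$cmd" ] || continue
        for tool in $ESCAPE_TOOLS; do
            ref="$refdir/$tool"
            if [ "${cmd##*/}" = "$tool" ]; then
                echo "$cmd is $tool"
            elif [ -f "$ref" ] && cmp -s "$cmd" "$ref"; then
                echo "$cmd is $tool"
            fi
        done
    done
}

# demo: constructed sandbox, no real binaries are touched.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/ref" "$tmp/bin"
    printf 'constructed stand-in for strace\n' > "$tmp/ref/strace"
    printf 'constructed stand-in for vi\n' > "$tmp/ref/vi"
    cp "$tmp/ref/strace" "$tmp/bin/sysud64"   # renamed copy
    printf 'constructed harmless tool\n' > "$tmp/bin/date"
    (cd "$tmp" && find_escape_tools ref bin/sysud64 bin/date bin/missing)
    rm -rf "$tmp"
}

demo   # prints: bin/sysud64 is strace
```

A rebuilt or different-version binary will not match byte-for-byte, so an empty result is inconclusive rather than a clean bill of health.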