infraeasy

СМС (SMS)

hackerlab

Task: Pentest a Linux machine running Stock Management System (SMS) PHP application. Solution: UNION-based SQL injection to extract user credentials, MD5 hash cracking for SSH access, then privilege escalation via sudo NOPASSWD on /usr/bin/env (GTFOBins).

$ ls tags/ techniques/

sql_injection php ssh md5_cracking gtfobins privilege_escalation union_based_sqli sudo_misconfiguration env_privesc stock_management_system sourcecodester

UNION-based SQL injection in PHP applicationMD5 hash cracking via rainbow tablesSSH access with cracked credentialsPrivilege escalation via sudo env misconfiguration

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]