pentesteasy

Сисадмин (Sysadmin)

hackerlab

Task: Linux pentest machine running a hospital website and Webmin panel, requiring root access to retrieve the flag. Solution: Extracted sysadmin username from image EXIF metadata, logged into Webmin with weak credentials, then exploited a SUID binary command injection vulnerability using IFS bypass for privilege escalation.

$ ls tags/ techniques/

command_injection osint metadata suid privilege_escalation webmin

exif_analysisweak_credentialsweb_shellsuid_exploitationifs_bypass

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]