pentestProhard

Лотерея (Lottery)

hackerlab

Task: PHP/MariaDB lottery app with PHPSESSID cookie used directly in raw SQL query, admin panel with shell_exec command injection, SSH with leaked credentials, and sudo pip privesc. Solution: error-based SQLi via cookie to extract admin password, command injection via dateFormat parameter, SSH credential recovery from auth.log, then GTFOBins sudo pip to read root flag.

$ ls tags/ techniques/

command_injection sql_injection php credential_leak apache ssh gtfobins privilege_escalation shell_exec cookie_injection mariadb date_command error_based_sqli chained_attack phpsessid auth_log sudo_pip

error_based_sqli_via_cookieextractvalue_sqlicommand_injection_via_shell_execssh_credential_extraction_from_auth_logsudo_pip_privesc

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lucky Ticket (Счастливый билет)— hackerlab
[web][Pro]Pryzhok— hackerlab
[infra][Pro]Секретный кабинет (Secret Cabinet)— hackerlab
[web][Pro]Привилегированный гость (Privileged Guest)— hackerlab
[web][Pro]Раздача купонов (Coupon Giveaway)— duckerz