$ cat writeup.md…
$ cat writeup.md…
hackerlab
Task: PHP/MariaDB lottery app with PHPSESSID cookie used directly in raw SQL query, admin panel with shell_exec command injection, SSH with leaked credentials, and sudo pip privesc. Solution: error-based SQLi via cookie to extract admin password, command injection via dateFormat parameter, SSH credential recovery from auth.log, then GTFOBins sudo pip to read root flag.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar