Oopsie

Initial Scan

sudo nmap -T4 -Pn -sV -sC -v 10.129.95.191 -oA Oopsie

With what kind of tool can intercept web traffic?

Answer: Proxy

What is the path to the directory on the webserver that returns a login page? Answer: /cdn-cgi/login

What can be modified in Firefox to get access to the upload page?

Answer: Cookie

What is the access ID of the admin user?

Answer: 34322

On uploading a file, what directory does that file appear in on the server?

Answer: /uploads/

What is the file that contains the password that is shared with the robert user?

Upgrade to a functional shell:

python3 -c 'import pty;pty.spawn("/bin/bash")'

Answer: db.php

What executible is run with the option "-group bugtracker" to identify all files owned by the bugtracker group?

Answer: find

Regardless of which user starts running the bugtracker executable, what's user privileges will use to run?

Answer: root

What SUID stands for?

Answer: Set owner User ID

What is the name of the executable being called in an insecure manner?

Answer: cat

Submit User Flag

Answer: f2c74ee8db7983851ab2a96a44eb7981

Submit Root Flag

Answer: af13b0bee69f8a877c3faf667f7beacf

Last updated 1 year ago