Oopsie

Initial Scan

sudo nmap -T4 -Pn -sV -sC -v 10.129.95.191 -oA Oopsie

Task 1

With what kind of tool can intercept web traffic?

Answer: Proxy

Task 2

What is the path to the directory on the webserver that returns a login page? Answer: /cdn-cgi/login

Task 3

What can be modified in Firefox to get access to the upload page?

Answer: Cookie

Task 4

What is the access ID of the admin user?

Answer: 34322

Task 5

On uploading a file, what directory does that file appear in on the server?

Answer: /uploads/

Task 6

What is the file that contains the password that is shared with the robert user?

Upgrade to a functional shell:

python3 -c 'import pty;pty.spawn("/bin/bash")'

Answer: db.php

Task 7

What executible is run with the option "-group bugtracker" to identify all files owned by the bugtracker group?

Answer: find

Task 8

Regardless of which user starts running the bugtracker executable, what's user privileges will use to run?

Answer: root

Task 9

What SUID stands for?

Answer: Set owner User ID

Task 10

What is the name of the executable being called in an insecure manner?

Answer: cat

Task 11

Submit User Flag

Answer: f2c74ee8db7983851ab2a96a44eb7981

Task 12

Submit Root Flag

Answer: af13b0bee69f8a877c3faf667f7beacf