->madness




User part:



-> Run Nmap scan





-> Port 80 is open, so let's check the website





-> As you can see, the above image shows an error loading the image, so let's check the source code.





-> Let's download the image and check what's wrong with it





-> You can see the image is a '.jpg' file but its header is PNG, so let's edit the hex code to change the header from PNG to JPG





-> Open the image in ghex







-> Searched for the image magic number and got the 'jpg' magic number





-> Change the hex value
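
The mismatch found above (a '.jpg' file carrying a PNG header) can be flagged automatically during file triage or upload validation. This is an added example, not part of the original writeup: it compares a file's extension, leading magic number and trailer. The function names, filenames and sample bytes are constructed for illustration.

```python
import os

# Leading signature (magic number), usual trailer and extensions per format.
FORMATS = {
    "png": {"magic": b"\x89PNG\r\n\x1a\n",
            "trailer": b"IEND\xae\x42\x60\x82", "exts": {".png"}},
    "jpeg": {"magic": b"\xff\xd8\xff",
             "trailer": b"\xff\xd9", "exts": {".jpg", ".jpeg"}},
}

def sniff(data, where):
    """Return the format whose magic (start) or trailer (end) matches data."""
    for name, sig in FORMATS.items():
        if where == "magic" and data.startswith(sig["magic"]):
            return name
        if where == "trailer" and data.endswith(sig["trailer"]):
            return name
    return None

def inspect_image(filename, data):
    """Compare what the name claims with what the bytes say."""
    ext = os.path.splitext(filename)[1].lower()
    by_ext = next((n for n, s in FORMATS.items() if ext in s["exts"]), None)
    by_magic = sniff(data, "magic")
    by_trailer = sniff(data, "trailer")
    findings = []
    if by_magic != by_ext:
        findings.append(f"extension says {by_ext}, header says {by_magic}")
    if by_magic and by_trailer and by_magic != by_trailer:
        findings.append(f"header says {by_magic}, trailer says {by_trailer}")
    return {"ext": by_ext, "magic": by_magic,
            "trailer": by_trailer, "findings": findings}

# Constructed sample data (not the image from the room).
BODY = b"\x00" * 16
MISMATCHED = FORMATS["png"]["magic"] + b"\x00\x00\x00\x01" + BODY + b"\xff\xd9"
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + BODY + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("sample.jpg", MISMATCHED), ("clean.jpg", CLEAN_JPEG)):
        print(name, inspect_image(name, blob))
```

A header that disagrees with both the extension and the trailer is a strong sign the first bytes were altered rather than the file simply being misnamed.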





-> Now open the image and you can see a hidden directory. Open the hidden directory in the browser





-> From the website we can identify that we should guess the 'secret'.







-> There is a hint that the number is between 0 and 99





-> Using Burp Intruder I got the secret





-> After some enumeration I got the username using steghide from the downloaded image. The username is in ROT13 format, so let's decode it







-> After some more enumeration I downloaded and checked this mentioned image







-> Using steghide I got the 'password.txt' file, which contains the password





-> I got the username and password, so I tried to SSH in and got a shell





Root part:



-> Let's check for SUID binaries; I got this interesting part





-> Searched for an exploit in Exploit-DB





-> Save the exploit and run it. As you can see, I am now the root user