------->Run Nmap Scan <-----------

------->From the Nmap scan we can identify that ports 22 and 8080 are open <-----------

------->Go to the website. From the webpage we identified a file '' <-----------

------->Try to find where it is located on the website using the WFUZZ tool; we found that it is inside the develop folder <-----------

------->Go to the page; we can see the Python file in there <-----------

------->By analyzing the code, I identified that the 'exec()' contains the path variable, which is given by us <-----------

------->It is using Python, so search for a Python reverse shell; I found one from pentestmonkey <-----------

------->Copy and paste it as the path after the host, and we got a shell <-----------
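
Why the 'exec()' finding above matters, as an added example (not code from the target or from this writeup): a request path formatted into source text and passed to exec() runs as code, while a handler that keeps the path as data does not. TEMPLATE, PROBE, the function names and the '/srv/www' root are assumptions made for illustration.

```python
# Added illustration; TEMPLATE and both function names are assumptions, not the target's code.
import os

# Assumed shape of a template that is filled with the request path and passed to exec().
TEMPLATE = "output = 'Document: {}'"

def serve_vulnerable(path, scope):
    """Vulnerable pattern: the request path becomes part of Python source text."""
    exec(TEMPLATE.format(path), scope)
    return scope["output"]

def serve_hardened(path, doc_root="/srv/www"):
    """Hardened pattern: the path stays data and must resolve inside doc_root."""
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, path.lstrip("/")))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path escapes document root")
    return "Document: " + os.path.relpath(target, root)

# Constructed, harmless probe: closes the quote and sets a marker variable.
PROBE = "index.html'; injected = True; tail='"

def demo():
    """Run the same probe through both handlers and report what happened."""
    scope = {}
    vulnerable_output = serve_vulnerable(PROBE, scope)
    hardened_output = serve_hardened(PROBE)
    return {
        "marker_set_by_exec": scope.get("injected", False),
        "vulnerable_output": vulnerable_output,
        "hardened_output": hardened_output,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The marker being set shows the path was executed rather than displayed; the same probe makes a useful regression test once exec() is removed from the request handler.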

------->I found that robert is a user from '/etc/passwd', so go to the '/home/robert/' folder.
We can see some files and a Python script.
By reading 'check.txt' we identified that the key will be obtained from 'out.txt'.
So we tried the Python script's options and set 'key to use' to the text which is in 'check.txt'. <-----------

------->Now we have the key to decrypt 'passwordreminder.txt'.
Execute the Python script with the key we just got, and
we get the password for the robert user and log in as robert. <-----------

------->We got User flag <-----------

------->Now check what we can execute with sudo privileges; we found '' from the BetterSSH folder.

From robert's directory I found that robert has the privilege to modify the directory.
So I moved the current BetterSSH to BetterSSH_backup and created a BetterSSH folder.
And I added file. In that file I added code to get a bash shell.
Now execute the file with sudo permission, and we get the root user and flag <-----------