sunset: decoy Walkthrough
| reference | sunset: decoy |
| target ip | 192.168.1.123 |
Scan with nmap:
Enumerate HTTP, request http://192.168.1.123/save.zip.
zip2john:
Crack with john:
unzip:
unshadow, crack with john:
Login into the system as user 296640a3b825115a47b68fc44501c828:
Escape from rbash:
/home/296640a3b825115a47b68fc44501c828/user.txt:
Setup PATH to make shell more convinent:
1 | export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
Enumerate /home/296640a3b825115a47b68fc44501c828/SV-502/logs/log.txt:
Enumerate with pspy64:
Escalate from user 296640a3b825115a47b68fc44501c828 to user root with Chkrootkit 0.49 - Local Privilege Escalation:
/root/root.txt:
strings /home/296640a3b825115a47b68fc44501c828/honeypot.decoy:
/root/script.sh:
/home/296640a3b825115a47b68fc44501c828/honeypot.decoy.cpp:
