sunset: decoy Walkthrough
reference | sunset: decoy |
target ip | 192.168.1.123 |
Scan with nmap
:

Enumerate HTTP, request http://192.168.1.123/save.zip
.
zip2john
:

Crack with john
:

unzip
:

unshadow
, crack with john
:

Login into the system as user 296640a3b825115a47b68fc44501c828:

Escape from rbash
:

/home/296640a3b825115a47b68fc44501c828/user.txt
:

Setup PATH
to make shell more convinent:
1 | export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
Enumerate /home/296640a3b825115a47b68fc44501c828/SV-502/logs/log.txt
:

Enumerate with pspy64
:

Escalate from user 296640a3b825115a47b68fc44501c828 to user root with Chkrootkit 0.49 - Local Privilege Escalation:

/root/root.txt
:

strings /home/296640a3b825115a47b68fc44501c828/honeypot.decoy
:

/root/script.sh
:

/home/296640a3b825115a47b68fc44501c828/honeypot.decoy.cpp
:
