Vegeta: 1 Walkthrough
reference | Vegeta: 1 |
target ip | 192.168.1.11 |
Scan with nmap
:

Enumerate HTTP with gobuster
:

Request http://192.168.1.11/bulma
:

Download http://192.168.1.11/bulma/hahahaha.wav
, and decode with Morse Decoder:

Login into the target as user trunks (lowercase):

Writable /etc/passwd
:

1 | openssl passwd -1 -salt user pass |
Escalate from user trunks to user user (root):

http://192.168.1.11/login.php
:

http://192.168.1.11/find_me/find_me.html
:

Base64 decode twice:

QR Decode with ZXing Decoder Online:

http://192.168.1.11/admin/admin.php
:

/var/www/html/b374k.php
:
