Cap – 10.10.10.245
Initial foothold / user
Default scan reveals 3 open ports
Going to the website shows an already logged in gunicorn website.
Browsing it, I found interesting looking links
But messing around with that lead me nowhere.
The PCAP analysis page though was interesting.
Going todownloading it and opening in wireshark credentials are found.
And in that directory we get user.txt
Trying to push files into various directories without any success it finally hit me… Why not try ssh?
Of course that worked.
Privilege escalation / root
Python has a fun little capability enabled. Exploiting that we get root.
This box was a milestone for me. It’s the first box that takes me less than an hour to complete.