Nis 07

Pluck v1.0 Vulnhub CTF Writeup

Pluck CTF Exploitation:

Thanks to Vulnhub Team and Ryan Oberto







LFI vulnerability detected with luck 🙂








After investigating backup.sh script opened:










/backups/backup.tar file noted for later downloading…

SQL Injection attack tried for gain privilige but all attempts were negative:









After I wanted to look the source of admin.php file:






After decoding it seems that the error was not related with mysqli…







I downloaded the backup.tar file and looked in it:




I found some ssh key files under paul user:






After I logged in to ssh with this key files.
Firstly I entered edit menü with vi
O typed
set shell=/bin/bash
After I typed :shell
and shell opened








cowroot.c exploit downloaded from exploit-db website below













Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>