Apr 07

Pluck v1.0 Vulnhub CTF Writeup

Pluck CTF Exploitation:

Thanks to the Vulnhub Team and Ryan Oberto.

An LFI vulnerability was detected with luck 🙂

After investigating, the backup.sh script was opened:

The /backups/backup.tar file was noted for later download…

A SQL injection attack was tried to gain privilege, but all attempts were negative:

After that, I wanted to look at the source of the admin.php file:

After decoding, it seems that the error was not related to mysqli…

I downloaded the backup.tar file and looked in it:

I found some SSH key files under the paul user:

After that, I logged in over SSH with these key files.
First I entered the edit menu with vi.
I typed
set shell=/bin/bash
After that I typed :shell
and a shell opened.

The cowroot.c exploit was downloaded from the exploit-db website below:

https://www.exploit-db.com/exploits/40616/