Pluck CTF Exploitation:
Thanks to Vulnhub Team and Ryan Oberto
LFI vulnerability detected with luck 🙂
After investigating backup.sh script opened:
/backups/backup.tar file noted for later downloading…
SQL Injection attack tried for gain privilige but all attempts were negative:
After I wanted to look the source of admin.php file:
After decoding it seems that the error was not related with mysqli…
I downloaded the backup.tar file and looked in it:
I found some ssh key files under paul user:
After I logged in to ssh with this key files.
Firstly I entered edit menü with vi
O typed
set shell=/bin/bash
After I typed :shell
and shell opened
cowroot.c exploit downloaded from exploit-db website below
https://www.exploit-db.com/exploits/40616/
